Hi,
The danger could be avoided by a taint bit: if the string is known
to not contain \0, it can be passed directly. Otherwise, it needs to
be checked and marked if it's safe. If it's unsafe, an exception can
be thrown.
IMO the better approach is simply to forbid NUL in strings
Hi,
Take JSON as an example: JSON character strings can encode NULs, so if
CHICKEN were to reject NULs in character strings, you could not write a
JSON parser in CHICKEN.
That's technically true, but where will you find a JSON document in the
wild that contains \u? JSON parsers
Hi,
JSON is an interesting example since it started out as a potential
security issue because it was proposed before parsers existed,
and there was a tendency to just use Eval to parse. Maybe not
the best place to look for safe coding practices.
I don't really get what your point is here?!
Hi,
Doing a real READY? procedure is IMHO not going to work without
a single-fd poll.
ioctl(FIONREAD)?
Regards, Florian
___
Chicken-hackers mailing list
Chicken-hackers@nongnu.org
https://lists.nongnu.org/mailman/listinfo/chicken-hackers
Hi,
If we keep the ~-expansion, any safe code that uses the filesystem API
will have to resort to tricks like
(operation (if (absolute-pathname? the-path)
               the-path
               (make-pathname (current-directory) the-path)))
to guard against input that would cause
Hi,
Would what git format-patch's --attach produces help you? Not sure whether
that actually would work with my workflow, but I could try it ...
I don't know what that will do, but maybe you can give it a try on your
next patch. As long as it produces an email that looks like everyone
Add (declare (disable-interrupts)) to tcp so that errno doesn't get changed at
inappropriate points during execution.
---
I don't really have a clue whether this is the correct way to do it, but
the code that was breaking before is not breaking anymore with this patch
applied ...
tcp.scm |1
Fix file descriptor leaks in tcp that happen in case of exceptions before ports
or a listener get returned to the caller. Also, save and restore errno around
the cleanup close() calls so that the error messages report the original
failure even if close() modified errno.
---
tcp.scm | 66
---
files.scm |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/files.scm b/files.scm
index 54beacf..706d103 100644
--- a/files.scm
+++ b/files.scm
@@ -412,7 +412,7 @@ EOF
(define split-directory
(lambda (loc dir keep?)
(##sys#check-string dir loc)
-
Remove ##sys#expand-home-path as shell expansion has no place in a filesystem
API.
---
Feel free to disagree--I thought it's better to start with an actual patch
than with a purely theoretical discussion of the issue.
eval.scm |2 -
files.scm|3 +-
library.scm
Hi,
On Fri, Mar 15, 2013 at 06:58:42AM +0100, Florian Zumbiehl wrote:
Remove (load)ing of ./.csirc on csi startup as it can lead to execution of
untrusted code.
This is pretty serious. I'll request a CVE and issue an advisory
shortly, once this patch has gone in. Attached is a slightly
Port 65535 is a perfectly valid TCP port which so far was rejected by
tcp-listen.
---
tcp.scm |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/tcp.scm b/tcp.scm
index 5a9e2e1..cc68def 100644
--- a/tcp.scm
+++ b/tcp.scm
@@ -251,7 +251,7 @@ EOF
(define (##net#bind-socket
Encode DEL (ASCII character 127) in strings as \x7f instead of as literal DEL
in write.
---
library.scm |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/library.scm b/library.scm
index 27d543f..89eb6bd 100644
--- a/library.scm
+++ b/library.scm
@@ -3301,7 +3301,8 @@ EOF
Make pretty-print encode control characters in strings as escape sequences
rather than as literal bytes, the same way write does it.
---
extras.scm | 29 +++--
1 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/extras.scm b/extras.scm
index 0e8b144..8cdbf4a
Hi,
currently, the bind egg parses const char * as (const (c-pointer char)),
even though that's the type signature of a pointer to constant characters
and not of a constant pointer to characters.
The patch below fixes that--though I am not sure whether the parsing
strategy wouldn't actually need
Hi,
I noticed that qs doesn't escape pipe characters. I suggest the patch
below, which not only makes it so that pipes get escaped, but it also
switches away from the blacklist approach, which invariably doesn't
work ;-)
Regards, Florian