A serious security bug... caused by no bounds checking.
Kagamin
spam at here.lot
Fri Apr 11 10:35:15 PDT 2014
On Friday, 11 April 2014 at 16:17:49 UTC, Marco Leise wrote:
> This still doesn't touch D's array bounds checking at all,
> because the array pointer and length come from an unreliable
> source to begin with!
In a D implementation the client packet would be reliably confined
by a slice, so the forged length will be checked against packet
boundaries.
byte[] packet = receive();
int length = get_payload_length(packet);
// both slices are bounds-checked: a forged length past packet.length fails here
dest[0..length] = packet[3..3+length];
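Added example, not part of the original post: a self-contained D program showing the slice check described above rejecting a forged payload length. The packet layout (1 type byte, 2-byte big-endian length, payload) and the names `payloadLength`, `echoPayload` and `tryEcho` are assumptions made for illustration. The functions are marked `@safe` because `-release` drops bounds checks in non-`@safe` code.

```d
import core.exception : RangeError;
import std.stdio : writeln;

// Hypothetical helper: reads the sender-controlled 16-bit length field.
size_t payloadLength(const(ubyte)[] packet) @safe
{
    return (packet[1] << 8) | packet[2];   // indexing is bounds-checked too
}

// Relies only on the language check: packet[3 .. 3 + len] is validated
// against packet.length, so the copy cannot read outside the packet.
ubyte[] echoPayload(const(ubyte)[] packet) @safe
{
    immutable len = payloadLength(packet);
    auto dest = new ubyte[len];
    dest[0 .. len] = packet[3 .. 3 + len];
    return dest;
}

// Explicit validation, so a malformed packet is an ordinary protocol
// error instead of a RangeError that takes the process down.
bool tryEcho(const(ubyte)[] packet, out ubyte[] reply) @safe
{
    if (packet.length < 3) return false;
    immutable len = payloadLength(packet);
    if (len > packet.length - 3) return false;
    reply = packet[3 .. 3 + len].dup;
    return true;
}

void main()
{
    // Constructed sample packets; the payload bytes spell "ping".
    ubyte[] honest = [1, 0x00, 0x04, 0x70, 0x69, 0x6E, 0x67];
    ubyte[] forged = [1, 0xFF, 0xFF, 0x70, 0x69, 0x6E, 0x67]; // claims 65535, carries 4

    auto echoed = echoPayload(honest);
    assert(echoed.length == 4 && echoed[0] == 0x70);

    bool trapped = false;
    try { auto leaked = echoPayload(forged); }
    catch (RangeError e) { trapped = true; }  // caught here only to demonstrate the check
    assert(trapped);

    ubyte[] reply;
    assert(tryEcho(honest, reply) && reply.length == 4);
    assert(!tryEcho(forged, reply));
    writeln("forged length rejected by both paths");
}
```

Building with `-boundscheck=off` removes the slice check everywhere, in which case only the explicit validation in `tryEcho` still rejects the forged packet.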