A serious security bug... caused by no bounds checking.

Marco Leise Marco.Leise at gmx.de
Fri Apr 11 15:01:29 PDT 2014


> But in a D-created struct, the data would be an array, instead of a  
> ptr+length.
> 
> -Steve

If I understand you right, you mean a variation of this:

struct Packet { ubyte[] payload; }

But indirections don't fly with serialized network packets.


On Fri, 11 Apr 2014 17:35:15 +0000,
"Kagamin" <spam at here.lot> wrote:

> In D implementation the client packet would be reliably confined 
> by a slice, so the forged length will be checked against packet 
> boundaries.
> 
> byte[] packet = recieve();
> int length = get_payload_length(packet);
> dest[0..length] = packet[3..3+length];

I'd argue that at this point you already knew you would mess
up the heartbeat code and designed it directly around D's
bounds checks instead of using structs and direct access of
header fields. It's a clever solution that you propose here.
Have you used it on real code before (i.e. does it scale) or
did you come up with it just for this case?

-- 
Marco
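
Added example, not part of the original post or thread: the slice-confined parsing discussed above, written out in D with a forged length field. The packet layout (1 type byte, 2-byte big-endian payload length, payload from offset 3) and the names `claimedLength`, `echoPayload` and `tryEchoPayload` are assumptions made for illustration.

```d
import core.exception : RangeError;
import std.stdio : writeln;

enum headerSize = 3; // assumed layout: type byte + 2 length bytes

// Length the sender claims, read from the header bytes of the received slice.
size_t claimedLength(const(ubyte)[] packet) @safe
{
    return (cast(size_t) packet[1] << 8) | packet[2]; // indexed reads are checked
}

// Copy the payload out. The slice is checked against packet.length, so a
// claimed length larger than what actually arrived cannot read past the buffer.
ubyte[] echoPayload(const(ubyte)[] packet) @safe
{
    immutable n = claimedLength(packet);
    return packet[headerSize .. headerSize + n].dup;
}

// Same copy with an explicit check, so a forged length becomes a handled
// protocol error instead of a RangeError.
bool tryEchoPayload(const(ubyte)[] packet, out ubyte[] reply) @safe
{
    if (packet.length < headerSize) return false;
    immutable n = claimedLength(packet);
    if (n > packet.length - headerSize) return false;
    reply = packet[headerSize .. headerSize + n].dup;
    return true;
}

void main()
{
    // Constructed sample packets; payload bytes spell "ping".
    ubyte[] honest = [1, 0x00, 0x04, 0x70, 0x69, 0x6E, 0x67];
    ubyte[] forged = [1, 0xFF, 0xFF, 0x70, 0x69, 0x6E, 0x67]; // claims 65535 bytes

    assert(echoPayload(honest) == honest[headerSize .. $]);

    ubyte[] reply;
    immutable ok = tryEchoPayload(honest, reply);
    assert(ok && reply.length == 4);
    immutable bad = tryEchoPayload(forged, reply);
    assert(!bad && reply.length == 0);

    try { reply = echoPayload(forged); assert(false, "bounds check missing"); }
    catch (RangeError e) { writeln("forged length rejected: ", e.msg); }
}
```

The `RangeError` only appears while array bounds checks are compiled in: building with `-release` keeps them in `@safe` functions only, and `-boundscheck=off` removes them everywhere. The explicit comparison in `tryEchoPayload` holds regardless of compiler flags.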


