A serious security bug... caused by no bounds checking.
Steven Schveighoffer
schveiguy at yahoo.com
Fri Apr 11 19:52:23 PDT 2014
On Fri, 11 Apr 2014 18:01:29 -0400, Marco Leise <Marco.Leise at gmx.de> wrote:
>> But in a D-created struct, the data would be an array, instead of a
>> ptr+length.
>>
>> -Steve
>
> If I understand you right, you mean a variation of this:
>
> struct Packet { ubyte[] payload; }
>
> But indirections don't fly with serialized network packets.
Indirections were in the struct that was the subject of that article. Here
it is:
typedef struct ssl3_record_st
{
int type; /* type of record */
unsigned int length; /* How many bytes available */
unsigned int off; /* read/write offset into 'buf' */
unsigned char *data; /* pointer to the record data */
unsigned char *input; /* where the decode bytes are */
unsigned char *comp; /* only used with decompression -
malloc()ed */
unsigned long epoch; /* epoch number, needed by DTLS1 */
unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
} SSL3_RECORD;
No way that's a directly serialized network packet.
-Steve
More information about the Digitalmars-d
mailing list