Default arguments in function callbacks not taken into account when instantiating templates has huge security implications
Andrej Mitrovic via Digitalmars-d
digitalmars-d at puremagic.com
Tue Apr 29 03:38:13 PDT 2014
-----
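import std.traits;
import std.stdio;

// Instantiated per callback type C.
void handler(C)(C callback)
{
    // Only one argument is passed, so the second parameter
    // must come from a default argument.
    callback("John");
}

void main()
{
    // Callback that declares a default value for pass.
    auto safeCallback = (string user, string pass = "hunter2")
    {
        writefln("The password is: '%s'", pass);
    };
    handler(safeCallback);
    someOtherFunc();
}

void someOtherFunc()
{
    // Same parameter types as safeCallback, but no default for pass.
    auto hijackPassword = (string user, string pass)
    {
        writefln("Now I know your password: '%s'", pass);
    };
    handler(hijackPassword);
}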
-----