A safer File.readln
Markus Laker via Digitalmars-d
digitalmars-d at puremagic.com
Mon Jan 23 03:05:55 PST 2017
On Monday, 23 January 2017 at 10:44:50 UTC, Shachar Shemesh wrote:
> Of course, if, instead of 50% we increase by less (say, 20%),
> we could reuse previously used memory even sooner.
Yes, you're right, of course: expansion of strings and other
arrays is a classic time-versus-space trade-off. However,
expanding strings more slowly is a much bigger change than I have
the D experience or credentials to suggest. And I don't think it
really solves the problem: it just requires the attacker to wait
another few seconds for /dev/zero to deliver enough data to fill
up memory. A simple length-check in readln, in contrast, would
prevent an attacker from flooding us with data in the first place.
Markus
More information about the Digitalmars-d
mailing list