std.file functions and embedded NUL characters [CWE-158]
monkyyy
crazymonkyyy at gmail.com
Thu Jul 31 22:27:56 UTC 2025
On Thursday, 31 July 2025 at 21:47:24 UTC, Richard (Rikki) Andrew
Cattermole wrote:
> This is quite a good example of why for PhobosV3 I want us to
> go through a FilePath abstraction, rather than accepting random
> strings for file names.
What's wrong with just changing toStringz? I don't understand the
threat profile imagined by the infinitely wise CVE org; but you
could make toStringz:
a) shorten it to the first null char
b) replace null with something
c) (bad idea but you'll love it) assert when detecting extra null
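
The three options listed in the message above, sketched side by side as an added example (not code from the post or from Phobos). The wrapper names `toStringzTruncate`, `toStringzReplace` and `toStringzReject` and the sample file name are hypothetical, and option (c) is written with `enforce` rather than `assert`.

```d
import std.array : replace;
import std.exception : enforce;
import std.stdio : writeln;
import std.string : fromStringz, indexOf, toStringz;

// (a) Truncate at the first NUL. The C API then receives a shorter name
// than the one the D caller passed in and may have validated.
immutable(char)* toStringzTruncate(string s)
{
    immutable i = s.indexOf('\0');
    return toStringz(i < 0 ? s : s[0 .. i]);
}

// (b) Replace every NUL with a visible placeholder character.
immutable(char)* toStringzReplace(string s, string placeholder = "_")
{
    return toStringz(s.replace("\0", placeholder));
}

// (c) Refuse the input. Uses enforce (an exception) instead of assert,
// because assert checks are removed in -release builds.
immutable(char)* toStringzReject(string s)
{
    enforce(s.indexOf('\0') < 0, "embedded NUL in string passed to C API");
    return toStringz(s);
}

void main()
{
    string name = "report.txt\0.png"; // constructed sample input

    // fromStringz reads up to the terminator, i.e. what a C function would see.
    writeln("(a) ", fromStringz(toStringzTruncate(name)));
    writeln("(b) ", fromStringz(toStringzReplace(name)));
    try
    {
        writeln("(c) ", fromStringz(toStringzReject(name)));
    }
    catch (Exception e)
    {
        writeln("(c) rejected: ", e.msg);
    }
}
```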