[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]

Re: [ID 19991230.004] Phrack finds a major perl bug



On 6 Jan 2000, Russ Allbery wrote:

> While I largely agree with this, I think that it may be worth making a
> special exception for nul characters embedded in the middle of file names
> passed to sysopen().  To the user, sysopen is part of Perl, and should be
> able to handle any Perl string or return an error saying that it can't
> create that file.  It's impossible in the Unix file system to create or
> open the file "foo\0bar", so sysopen should return an error.  It should
> *not* silently open "foo" and not tell you that.

I wouldn't be surprised if there are scripts that actually use this
feature.  My reasoning: sticking a null in the middle of a char buffer and
passing it to a system call is a useful C idiom.  The expectation (and the
reality) is that the system call will only look at the pre-null part of
the buffer.  I think it is possible that transplanted C programmers may be
using the same idiom in perl, currently successfully.

Maybe it should be a warning, if it's going to be anything but acceptable?

-sam


Follow-Ups from:
Chip Salzenberg <chip@valinux.com>
References to:
Russ Allbery <rra@stanford.edu>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]