• Alexey Borzenkov's avatar
    syscall: return EINVAL when string arguments have NUL characters · a108369c
    Alexey Borzenkov authored
    Since NUL usually terminates strings in underlying syscalls, allowing
    it when converting string arguments is a security risk, especially
    when dealing with filenames. For example, a program might reason that
    filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
    access to it, while underlying syscall will treat "\x00" as an end of
    that string and the actual filename will be "/root/..", which might
    be unexpected. Returning EINVAL when string arguments have NUL in
    them makes sure this attack vector is unusable.
    
    R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
    CC=golang-dev
    https://golang.org/cl/6458050
    a108369c
Name
Last commit
Last update
api Loading commit data...
doc Loading commit data...
include Loading commit data...
lib Loading commit data...
misc Loading commit data...
src Loading commit data...
test Loading commit data...
.hgignore Loading commit data...
.hgtags Loading commit data...
AUTHORS Loading commit data...
CONTRIBUTORS Loading commit data...
LICENSE Loading commit data...
PATENTS Loading commit data...
README Loading commit data...
favicon.ico Loading commit data...
robots.txt Loading commit data...