-
Alexey Borzenkov authored
Since NUL usually terminates strings in underlying syscalls, allowing it when converting string arguments is a security risk, especially when dealing with filenames. For example, a program might reason that filename like "/root/..\x00/" is a subdirectory or "/root/" and allow access to it, while underlying syscall will treat "\x00" as an end of that string and the actual filename will be "/root/..", which might be unexpected. Returning EINVAL when string arguments have NUL in them makes sure this attack vector is unusable. R=golang-dev, r, bradfitz, fullung, rsc, minux.ma CC=golang-dev https://golang.org/cl/6458050
a108369c
Name |
Last commit
|
Last update |
---|---|---|
.. | ||
lookup_stubs.go | ||
lookup_unix.go | ||
lookup_windows.go | ||
user.go | ||
user_test.go |