How, in this century, did anyone think passing http url params as env vars was an acceptable design? Fix is incomplete & goahead is unfixable. https://twitter.com/elttam/status/942630494054752256
It's analogous to if you made a C-like language where the only input primitive was gets(). There'd be no way to fix it without overhauling all existing code.
Well, two mmap() and a signal handler. But no _practical_ way, anyway. :)
At best that lets you safely abort the program on excess input; there's still no way to cleanly recover.
I'm not saying it's a good idea, but http://pubs.opengroup.org/onlinepubs/009695399/functions/siglongjmp.html is POSIX. (Black belt in disgusting solutions to impossible problems.)
longjmp is not AS-safe, so it can be used in a signal handler iff the signal does not interrupt any AS-unsafe functions. All of stdio is AS-unsafe.
You keep thinking threading is a mandatory part of C.
AS-safety has no relation to threads. (That said, @RichFelker is slightly incorrect here: longjmp is AS-Safe, but longjmping out of gets would not be: http://pubs.opengroup.org/onlinepubs/9699919799/functions/longjmp.html )
Ah, that's very strange text. It's almost the same as being non-AS-safe, but allows longjmp as long as rest of program only calls AS-safe functions until _exit or exec.
And indeed it has nothing to do with threads. It just means the internal state of stdio (or anything not AS-safe) will be inconsistent after longjmp out of it from a signal handler.
(I actually disagree, because I can implement a safe gets(). But that's another story.)
The interface definition is unsafe & unusable. Not an implementation issue.
True that the standard gets() interface is unusable, unless all input is trusted. Next q: how to deal with an overly permissive interface that somehow got as far as being "standard"? "Refactor all code" is one option. "Write down a usable refinement and implement it" is another.
The same goes of the C language itself. It's a permissive yet standard "interface". It's also, in one particular sense, unsafe by design. I personally don't advocate throwing away C.
On reflection this is unfair in one respect: it is *possible*, albeit very very difficult, to write portably secure and correct C. It is not possible to use gets() in the same way. Still, in practice, all interesting C code relies on *some* properties of implementation(s)....
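The "usable refinement" idea from the replies above, as an added example that is not code from anyone in the thread: a bounded line reader whose interface carries the buffer size, reports an over-long line as an error and drains it so the caller can cleanly recover and keep reading. `read_line_bounded`, `count_accepted` and `check_exact_fit` are names chosen here; `fmemopen` is POSIX and is only used to feed constructed input.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Result codes (names chosen for this example). */
enum line_status { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1 };

/*
 * Read one line from fp into buf (capacity size >= 2, NUL included), stripping
 * the newline. If the line does not fit, the rest of it is consumed and
 * discarded and LINE_TOO_LONG is returned: stdio stays consistent and the next
 * call starts on the next line. gets() cannot offer this because its caller
 * cannot even express the buffer size.
 */
enum line_status read_line_bounded(FILE *fp, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, fp) == NULL) {
        if (size) buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in buf: exact fit, unterminated final line, or overflow. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;
    while (c != EOF && c != '\n')      /* drain the over-long remainder */
        c = fgetc(fp);
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Count the lines of a constructed text that fit a buffer of bufsize. */
int count_accepted(const char *text, size_t bufsize)
{
    char buf[64];
    int accepted = 0;
    if (bufsize > sizeof buf) return -1;
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (!fp) return -1;
    enum line_status st;
    while ((st = read_line_bounded(fp, buf, bufsize)) != LINE_EOF)
        if (st == LINE_OK) accepted++;
    fclose(fp);
    return accepted;
}
```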