Overview
| Artifact ID: | 3fa39fc600f333e2c46573d9beba9f61b43c29600b27f09f79abc85ca83e70a7 |
|---|---|
| Ticket: | 134d90a99615cc7590173d97a37949db8c9574d5 String \0 safety |
| User & Date: | js on 2023-07-22 07:17:50 |
Changes
- icomment:
Currently, `OFString` does not reject a `\0` within the string. However, `OFString`s often get passed as C strings. Therefore, either one of the following should be done:

* Audit all occurrences where an `OFString` is passed as a C string.
* Truncate the length to the first occurrence of `\0`.
* Extend the current string checking code to reject `\0` in there if a length has been specified.
  * If no length has been specified, it cannot be longer than the `\0` anyway.
  * A good place for this would be in the code that checks whether the passed string is valid UTF-8, to avoid going through the same string twice.
  * This means strings of another encoding need to check for `\0` during their conversion to UTF-8, as UTF-8 is not validated there since it was just converted and hence assumed correct.

The first option probably doesn't scale, as there are many places where an `OFString` is passed as a C string, and it doesn't cover where this is being done outside of ObjFW. So this would be a potential foot gun for users.

The second option might be unexpected and lead to bugs, because the user has just specified a length for the string to create, but the just created string has a different length.

Therefore, the third option probably makes the most sense.
- login: "js"
- milestone changed to: "none"
- mimetype: "text/x-markdown"
- priority changed to: "High"
- private_contact changed to: "c8a37120da0f2517297a682b10203a3a5eef21c2"
- severity changed to: "Important"
- status changed to: "Open"
- title changed to: "String \0 safety"
- type changed to: "Enhancement"
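
The third option from the comment above, sketched as an added example that is not part of the ticket and not ObjFW's code: a single-pass UTF-8 validator that also rejects a `\0` inside the caller-specified length. The function name `utf8_valid_no_nul` and the sample inputs are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not an ObjFW API): validates s[0..len) as UTF-8 and
 * rejects a 0x00 byte in the same pass. Returns false on the first problem. */
static bool utf8_valid_no_nul(const char *s, size_t len, size_t *chars)
{
    size_t n = 0;
    for (size_t i = 0; i < len; n++) {
        unsigned char c = (unsigned char)s[i];
        unsigned long cp, min;
        size_t extra;

        if (c == 0x00) return false;            /* embedded NUL inside the length */
        if (c < 0x80) { i++; continue; }        /* ASCII */
        if ((c & 0xE0) == 0xC0)      { extra = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { extra = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { extra = 3; cp = c & 0x07; min = 0x10000; }
        else return false;                      /* stray continuation or invalid lead */

        if (len - i <= extra) return false;     /* sequence truncated by len */
        for (size_t j = 1; j <= extra; j++) {
            unsigned char cc = (unsigned char)s[i + j];
            if ((cc & 0xC0) != 0x80) return false;  /* also catches 0x00 here */
            cp = (cp << 6) | (cc & 0x3F);
        }
        /* Overlong forms (including C0 80 for NUL), surrogates, out of range. */
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return false;
        i += extra + 1;
    }
    if (chars != NULL) *chars = n;
    return true;
}

int main(void)
{
    /* Constructed sample: the caller claims 5 bytes, byte 2 is NUL. */
    static const char sample[] = "ab\0cd";
    size_t n = 0;
    printf("abc: %d\n", utf8_valid_no_nul("abc", 3, &n));
    printf("ab\\0cd (len 5): %d\n", utf8_valid_no_nul(sample, 5, &n));
    return 0;
}
```

Because the overlong check already runs per sequence, the two-byte form `C0 80` is rejected as well, so a NUL cannot slip through in encoded form.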