Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
Re: [opensuse] Now what? Glibc bug, vulnerability
On 02/17/2016 01:18 PM, John Andersen wrote:
On 02/17/2016 10:08 AM, Stevens wrote:


On 02/17/2016 11:22 AM, Christopher Myers wrote:
Pardon my ignorance on this, but is there any way to harden the language
itself so that it's less
prone to issues like this?


In a word, NO!

Sure there is.

The problem is, it would break just about everything, because decades of
bad programing habits made deliberate use of the weakness.
Maximum length is seldom a part of the definition of a string.


That's a bit of a yes-no-maybe.
Some languages like Ruby, Perl and others like Pascal have proper string
handling rather than low-level string handling. The strings are dynamic
memory rather then static buffers.

Well, OK, you CAN input to a static array in those languages, but you
are doing it explicitly. If a structure has a field that is a string it
is a pointer to a dynamically managed entity so that if you do

hpp->url = "http://"; + hpp->url ;

the interpreter code allocates a new buffer, builds the new string,
frees the old.





--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >