Hi Florian, Jason, On Mon, Jan 20, 2025 at 09:20:27AM +0100, Florian Weimer wrote: > Character sets used by glibc locales must be mostly ASCII-transparent. > This includes the mapping of the null byte. It is possible to create > locales that do not follow these rules, but they tend to introduce > security vulnerabilities, particularly if shell metacharacters are > mapped differently. Thanks! Then, Jason, please use terminated strings in the example, and assume a glibc locale. If one uses a locale that doesn't work like this, they'll have the call fail because the converted null character won't fit, so the program would still be safe. Have a lovely day! Alex -- <https://www.alejandro-colomar.es/>
Attachment:
signature.asc
Description: PGP signature
