On Mon, Jan 20, 2025 at 08:17:00AM -0500, Jason Yundt wrote: > On Mon, Jan 20, 2025 at 12:14:42PM +0100, Alejandro Colomar wrote: > > Hi Florian, Jason, > > > > On Mon, Jan 20, 2025 at 09:20:27AM +0100, Florian Weimer wrote: > > > Character sets used by glibc locales must be mostly ASCII-transparent. > > > This includes the mapping of the null byte. It is possible to create > > > locales that do not follow these rules, but they tend to introduce > > > security vulnerabilities, particularly if shell metacharacters are > > > mapped differently. > > > > Thanks! Then, Jason, please use terminated strings in the example, and > > assume a glibc locale. > > OK. I’ll submit a new version of the patch that does that. > > > If one uses a locale that doesn't work like this, they'll have the call > > fail because the converted null character won't fit, so the program > > would still be safe. > > I disagree. I don’t think that the code would necessarily be safe if > someone uses such a locale. D'oh! Agree, I was wrong. Anyway, if one creates an unsafe locale, let's say the warranty is void. :-) Cheers, Alex -- <https://www.alejandro-colomar.es/>
Attachment:
signature.asc
Description: PGP signature
