lua-users home
lua-l archive

Re: C-isms: 0円 bytes & Lua's stdlib (Re: [ANN] Lua 5.3.4 (rc3) now available)

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] 

-- Part of a hypothetical messaging server
local function file_exists(path)
 local f = io.open(path,"r")
 if f then f:close() return true
 else return false
 end
end
local mailbox_name = read_string_from_socket(sock)..".mbox"
if file_exists(mailbox_name) then
 -- This mailbox already exists, so it's safe to write to it.
 -- (Any file on the filesystem that ends with `.mbox` can be
 -- considered a valid mailbox. This isn't a real security risk.
 local f = io.open(mailbox_name,"a")
 f:write("--- Message from ", get_sender_name_from_socket(sock),
 " ---\n", read_string_from_socket(sock), "\n")
 f:close()
else
 terminate_connection_with_error(sock, "Unknown receiver")
end
-- (end of code section)
The above code openly contains a security problem that could rightly
be considered unimportant. However, what happens if
read_string_from_socket is implemented in a way that allows NUL bytes
in the returned string?
And what happens if I send a message to someone named "/etc/passwd0円"?
A message whose contents are the single line "scriptkiddie:...crypted
password...:1337:1337:,,,:/home:/bin/bash"?
In my opinion, the IO functions should throw an error any time a file
path string contains an embedded NUL. Other functions are less
critical.

AltStyle によって変換されたページ (->オリジナル) /