On 07.07.2016 at 20:13, Soni L. wrote:
> On 07/07/16 03:00 PM, Philipp Janda wrote:
>> Pretty much every programming language since C has done a better job about strings. One obvious example: C++ strings, which can grow, calculate the size in O(1), and contain NUL characters. You can even have bounds checking on access ...
>
> And cannot be handed over to the OS without first being validated.

How do you hand over an `std::string` to the OS?

> Remember exploits involving Java and NUL and filenames?

Not that particular one, but there have been others, e.g. in browsers, where the displayed URL wasn't the real one, or in certificates, where the CA didn't check the owner of the real domain ...

Philipp
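
The mismatch discussed in this exchange, as an added example that is not part of the original messages: a `std::string` keeps its full length, but a NUL-terminated OS interface given `c_str()` stops at the first NUL, so a check made on the C++ string can disagree with what the OS acts on. The names `constructed_name`, `os_view`, `has_embedded_nul` and `checked_c_path` are hypothetical helpers, and the sample filename is constructed.

```cpp
#include <iostream>
#include <string>

// Constructed sample: 15 bytes, with a NUL between "upload.txt" and ".png".
std::string constructed_name() {
    return std::string("upload.txt\0.png", 15);
}

// What a NUL-terminated OS interface (open(), fopen(), ...) sees when it is
// given s.c_str(): the bytes up to the first NUL and nothing after it.
std::string os_view(const std::string& s) {
    return std::string(s.c_str());
}

// True when the length-counted string carries a NUL, i.e. when the C++ view
// and the OS view of the same string differ.
bool has_embedded_nul(const std::string& s) {
    return s.find('\0') != std::string::npos;
}

// Suffix test on the full, length-counted string (what application code sees).
bool ends_with(const std::string& s, const std::string& suffix) {
    return s.size() >= suffix.size() &&
           s.compare(s.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Validation at the OS boundary: return a pointer only if the whole string
// survives the conversion to a C string; otherwise nullptr so the caller rejects.
const char* checked_c_path(const std::string& s) {
    if (s.empty() || has_embedded_nul(s)) return nullptr;
    return s.c_str();
}

int main() {
    const std::string name = constructed_name();
    std::cout << "length seen by C++ code: " << name.size() << "\n";
    std::cout << "ends with .png:          " << ends_with(name, ".png") << "\n";
    std::cout << "name seen by the OS:     " << os_view(name) << "\n";
    std::cout << "accepted at boundary:    "
              << (checked_c_path(name) != nullptr) << "\n";
    return 0;
}
```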