Re: AW: Lua exposure to C vulnerabilities?

Subject: Re: AW: Lua exposure to C vulnerabilities?
From: Laurent FAILLIE &lt;l_faillie@ ... &gt;
Date: Mon, 19 Sep 2016 07:32:31 +0000 (UTC)

Hello,

> If my 'library' failed to do proper bounds checking and had the potential for buffer overruns (for example)

> when exposed to a network, would calling said library from Lua protect me?

First of all, the problem is not due to C language but too the library itself ... and the problem is the same if you call it from any language.

I mean, as long as you call this library API, the "upper" language has strictly no way to prevent buffer overrun or such : the controle is totaly on the hands of the library developper.

You may reduce the risk by checking arguments before API calls (but it's true to whatever language), but unsecure library will remain unsecure.

Bye

Laurent