path: root/src/pkg/os/exec/exec_test.go
author: Alexey Borzenkov <snaury@gmail.com> 2012-08-05 17:24:32 -0400
committer: Russ Cox <rsc@golang.org> 2012-08-05 17:24:32 -0400
commit: a108369c830db0b9a9f519fd346b8f593a4d7e14 (patch)
tree: 49455ae21d886b9aaf0ba37f52400375191493b1 /src/pkg/os/exec/exec_test.go
parent: 8efb70f92e258d458c183232b985c83b477ed3de (diff)
syscall: return EINVAL when string arguments have NUL characters
Since NUL usually terminates strings in underlying syscalls, allowing it when converting string arguments is a security risk, especially when dealing with filenames. For example, a program might reason that a filename like "/root/..\x00/" is a subdirectory of "/root/" and allow access to it, while the underlying syscall will treat "\x00" as an end of that string and the actual filename will be "/root/..", which might be unexpected. Returning EINVAL when string arguments have NUL in them makes sure this attack vector is unusable.

R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
Diffstat (limited to 'src/pkg/os/exec/exec_test.go')
0 files changed, 0 insertions, 0 deletions
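
The mismatch described in the commit message, shown as an added Go example that is not part of this commit or of the Go tree. `naiveAllowed` and `cView` are hypothetical helpers written for illustration; the filename is the sample from the message, and the example assumes a Unix-like system.

```go
package main

import (
	"fmt"
	"os"
	"strings"
	"syscall"
)

// constructedName is the sample filename from the commit message.
const constructedName = "/root/..\x00/"

// naiveAllowed is a hypothetical application check: no ".." component and a
// /root/ prefix. It compares Go strings, so "..\x00" does not match "..".
func naiveAllowed(name string) bool {
	for _, part := range strings.Split(name, "/") {
		if part == ".." {
			return false
		}
	}
	return strings.HasPrefix(name, "/root/")
}

// cView returns the name as a NUL-terminated C API would read it.
func cView(name string) string {
	if i := strings.IndexByte(name, 0); i >= 0 {
		return name[:i]
	}
	return name
}

// convertErr returns the error from the string-to-C-string conversion.
func convertErr(name string) error {
	_, err := syscall.BytePtrFromString(name)
	return err
}

// statErr shows the same rejection surfacing through the os package.
func statErr(name string) error {
	_, err := os.Stat(name)
	return err
}

func main() {
	fmt.Printf("naive check allows: %v\n", naiveAllowed(constructedName))
	fmt.Printf("C API would see:    %q\n", cView(constructedName))
	fmt.Printf("conversion error:   %v\n", convertErr(constructedName))
	fmt.Printf("os.Stat error:      %v\n", statErr(constructedName))
}
```

The string-level check accepts the name, the truncated view is "/root/..", and both the conversion and `os.Stat` fail with EINVAL before any syscall is issued.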