Designing socket messaging format
Donn Cave
donn at drizzle.com
Tue Nov 13 01:54:09 EST 2001
Quoth shriek at gmx.co.uk (Stephen):
| Just read Dan Bernstein's description. Interesting note about
| security considerations using CRLF, which follows on from an
| earlier post in this thread.
|
| 4. Security considerations
|
| The famous Finger security hole may be blamed on Finger's use of the
| CRLF encoding. In that encoding, each string is simply terminated by
| CRLF. This encoding has several problems. Most importantly, it does
| not declare the string size in advance. This means that a correct
| CRLF parser must be prepared to ask for more and more memory as it is
| reading the string. In the case of Finger, a lazy implementor found
| this to be too much trouble; instead he simply declared a fixed-size
| buffer and used C's gets() function. The rest is history.
|
| In contrast, as the above sample code shows, it is very easy to
| handle netstrings without risking buffer overflow. Thus widespread
| use of netstrings may improve network security.
Widespread use of decent programming languages would do a lot more in
the same direction. This one is a problem with C, not with CRLF data.
The notion that we should tailor our data protocols to keep programmers
away from fixed-size buffers is kind of sick, and it's frustrating to
think that it's a serious practical consideration outside the cozy
haven of c.l.p.
Donn Cave, donn at drizzle.com
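Added example, not part of the original post and not Bernstein's netstring sample code: a C netstring parser next to a CRLF line reader that grows its buffer, showing both halves of the quoted security note in working code. The netstring side knows the size before it reads a byte of payload and allocates exactly that; the CRLF side has to keep asking for more memory, which is the work the Finger implementor skipped. MAX_STRING_LEN, the byte_source callback, mem_src and the helper names are choices made for this example (the size cap is local policy, not part of the netstring format), and all input below is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Largest string either parser will hold: a policy choice for this example, not part
 * of the netstring format.  Oversized input is refused instead of overrunning anything. */
#define MAX_STRING_LEN (1u << 20)

/* Parse one netstring "<len>:<payload>," from buf[0..buflen).  Returns bytes consumed
 * (> 0), 0 if more input is needed, or -1 if malformed.  On success *out is a malloc'd
 * copy of the payload (NUL-terminated for convenience; *outlen is authoritative). */
long netstring_parse(const char *buf, size_t buflen, char **out, size_t *outlen) {
    size_t i = 0, len = 0;
    if (buflen == 0) return 0;
    if (buf[0] < '0' || buf[0] > '9') return -1;                 /* must start with a digit */
    if (buf[0] == '0' && buflen > 1 && buf[1] != ':') return -1; /* no leading zeros */
    while (i < buflen && buf[i] >= '0' && buf[i] <= '9') {
        len = len * 10 + (size_t)(buf[i++] - '0');
        if (len > MAX_STRING_LEN) return -1;   /* size is known before any payload is read */
    }
    if (i == buflen) return 0;                 /* length digits not terminated yet */
    if (buf[i++] != ':') return -1;
    if (buflen - i < len + 1) return 0;        /* payload plus comma not all here yet */
    if (buf[i + len] != ',') return -1;
    if ((*out = malloc(len + 1)) == NULL) return -1;   /* exactly the declared size */
    memcpy(*out, buf + i, len);
    (*out)[len] = '\0';
    *outlen = len;
    return (long)(i + len + 1);
}

/* Byte source (socket, file or, below, memory): returns 0..255, or -1 at end of input. */
typedef int (*byte_source)(void *ctx);

/* Read one CRLF-terminated line into a buffer that grows on demand.  The size is not
 * declared up front, so the buffer is resized rather than overrun (gets() into a fixed
 * array is the Finger bug).  Returns a malloc'd NUL-terminated line without the CRLF and
 * sets *outlen; NULL if input ends before a CRLF, on allocation failure, or past MAX_STRING_LEN. */
char *crlf_readline(byte_source next, void *ctx, size_t *outlen) {
    size_t cap = 16, n = 0;
    char *line = malloc(cap), *grown;
    int c;
    if (line == NULL) return NULL;
    while ((c = next(ctx)) != -1) {
        if (n + 1 >= cap) {                    /* keep one byte spare for the NUL */
            if (cap >= MAX_STRING_LEN || (grown = realloc(line, cap * 2)) == NULL) {
                free(line);
                return NULL;
            }
            line = grown;
            cap *= 2;
        }
        line[n++] = (char)c;
        if (n >= 2 && line[n - 2] == '\r' && line[n - 1] == '\n') {
            n -= 2;                            /* strip the terminator */
            break;
        }
    }
    if (c == -1) { free(line); return NULL; }  /* EOF with no terminator: incomplete line */
    line[n] = '\0';
    *outlen = n;
    return line;
}

/* In-memory byte source over constructed input, used by the helpers below. */
typedef struct { const char *p; size_t n, i; } mem_src;
static int mem_next(void *ctx) {
    mem_src *m = ctx;
    return m->i < m->n ? (unsigned char)m->p[m->i++] : -1;
}

/* Parse a C string as a netstring and return netstring_parse's result code. */
long netstring_consumed(const char *s) {
    char *payload = NULL;
    size_t n = 0;
    long r = netstring_parse(s, strlen(s), &payload, &n);
    if (r > 0) free(payload);
    return r;
}

/* Length of the first CRLF line in a C string, or -1 if there is none.  Any line longer
 * than 15 bytes goes through crlf_readline's realloc path. */
long first_line_len(const char *s) {
    mem_src m = { s, strlen(s), 0 };
    size_t n = 0;
    char *line = crlf_readline(mem_next, &m, &n);
    if (line == NULL) return -1;
    free(line);
    return (long)n;
}

int main(void) {
    printf("\"12:hello world!,\" -> %ld bytes consumed\n", netstring_consumed("12:hello world!,"));
    printf("\"99999999:x,\" -> %ld (rejected before any payload is read)\n", netstring_consumed("99999999:x,"));
    printf("\"USER root\\r\\n\" -> %ld-byte line\n", first_line_len("USER root\r\n"));
    return 0;
}
```

Both readers return an error code rather than trusting the peer: the netstring parser rejects an absurd declared length before allocating, and the CRLF reader caps the growth of its buffer. Note that the CRLF reader is also the one a hostile peer can make spend memory one byte at a time, which is the cost Bernstein's point about declaring the size in advance is getting at.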