349 points dgl | 9 comments
dwrodri[dead post] ◴[] No.44502622[source]
[flagged]
bpt3 ◴[] No.44502649[source]
As mentioned in the article, this is a logic error that has nothing to do with C strings.
replies(1): >>44502702 #
1. eptcyka ◴[] No.44502702[source]
Whilst true, there’s a swathe of modern tooling that will aid in marshalling data for IPC. Would you not agree that if protobuf, json or yaml were used, it’d be far less likely for this bug to have slipped in?
replies(4): >>44502886 #>>44502968 #>>44503106 #>>44504894 #
2. alexvitkov ◴[] No.44502886[source]
In isolation, for any one particular bug, yes, but if you start applying this logic to everything, even problems as simple as reading some bytes from a file, you end up with a heap of dependencies for the most mundane things. We've tried that, it's bad.
replies(3): >>44502921 #>>44503094 #>>44503589 #
3. gpm ◴[] No.44502921[source]
On the contrary, we've tried it and it works great.
4. bangaladore ◴[] No.44502968[source]
The OC was about language choice. You can use protobuf, json or yaml in C as well.

In general, though, all these can be wildly overkill for many tasks. At some point you just need to write good code and actually test it.

5. sunshowers ◴[] No.44503094[source]
No, I think in general you should trust other people with experience in an area more than your own naive self. Division of labor and all that.

There are exceptions, as always, but using dependencies is good as a first approximation.

6. greatgib ◴[] No.44503106[source]
Having "safe" yaml parsing is a whole topic of head scratching in whatever language of your choice if you want a rabbit hole to look into...
7. eptcyka ◴[] No.44503589[source]
I don't believe we must apply any guideline ad absurdum. Using a battle-tested marshalling/serialization library is clearly the way to go most often. Of course, one can still construct difficult-to-parse XML and JSON or any other blob for any given format, but the chances that bad input will result in an RCE are lower.
8. bpt3 ◴[] No.44504894[source]
No, I would not agree that YAML or JSON parsers in any language are far less likely to have logic errors, and I'm not sure why protobuf (a binary format) would be a good choice for a human-readable file.

INI is not a particularly complex format (less complex than YAML for example), and there are existing open source parsers written in C that could have been used.

You can dig in all you want, but this is not an issue with C strings or the INI format.

replies(1): >>44508438 #
9. account42 ◴[] No.44508438[source]
This isn't even a parser error at all - the INI format comes from DOS/Windows where a trailing carriage return would not be considered part of the value either.