Breaking Git with a carriage return and cloning RCE
(dgl.cx)
349 points | dgl | 1 comments | 08 Jul 25 17:48 UTC
dwrodri [dead post] | 08 Jul 25 18:22 UTC | No. 44502622 | >>44502330 (OP)
[flagged]
bpt3 | 08 Jul 25 18:26 UTC | No. 44502649 | >>44502622
As mentioned in the article, this is a logic error that has nothing to do with C strings.
replies(1): >>44502702
eptcyka | 08 Jul 25 18:32 UTC | No. 44502702 | >>44502649
Whilst true, there’s a swathe of modern tooling that will aid in marshalling data for IPC. Would you not agree that if protobuf, json or yaml were used, it’d be far less likely for this bug to have slipped in?
replies(4): >>44502886 >>44502968 >>44503106 >>44504894
1.
greatgib | 08 Jul 25 19:17 UTC | No. 44503106 | >>44502702
Having "safe" yaml parsing is a whole topic of head scratching in whatever language of your choice if you want a rabbit hole to look into...