in reply to Re^4: Why do poisoned null attacks still work ?
in thread Why do poisoned null attacks still work ?

As (the string parts of) Perl scalars always are terminated with a \0, I doubt that there is much conversion happening at the interface between Perl and the C library. But as Taint will catch this and other errors, I don't see why there should be another system.

Re^6: Why do poisoned null attacks still work ?
by ikegami (Patriarch) on Jul 22, 2009 at 22:53 UTC
    They're not always. While places that omit the trailing NUL tend to get fixed, it's also considered a bug to expect it to be present from what I've seen.
      How do you mean?

        Unlike C, the end of a Perl string is determined by a field outside of the string's payload. This allows Perl strings to contain any characters, including NUL.

        As protection against XS authors who treat the string payload as a C string, Perl strings usually have an extra byte allocated, set to NUL. As I understand it, this is a courtesy, not a guarantee.
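An added example, not part of any post in this thread: it shows the mismatch the replies describe, where Perl measures a string by its stored length while a C function stops at the first NUL. The sample file name and the helpers `c_view` and `safe_name` are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed sample input: a file name carrying an embedded NUL byte.
my $name = "report.txt\0.png";

# Hypothetical helper: the string as a C function taking char* would read it,
# i.e. everything before the first NUL ("Z*" unpacks a NUL-terminated string).
sub c_view {
    my ($s) = @_;
    return unpack "Z*", $s;
}

# Hypothetical helper: accept a name only if it contains no NUL byte and
# matches a conservative allow-list, so the Perl and C views cannot differ.
sub safe_name {
    my ($n) = @_;
    return unless defined $n && length $n;
    return if index($n, "\0") >= 0;               # embedded NUL
    return unless $n =~ /\A[A-Za-z0-9_.-]+\z/;    # allow-listed characters only
    return $n;
}

for my $candidate ($name, "report.png") {
    (my $shown = $candidate) =~ s/\0/\\0/g;       # make the NUL visible when printed
    printf "%-18s perl_len=%-2d ends_in_png=%-3s c_view=%-10s accepted=%s\n",
        $shown, length($candidate),
        ($candidate =~ /\.png\z/ ? "yes" : "no"),
        c_view($candidate),
        (defined safe_name($candidate) ? "yes" : "no");
}
```

For the first name, the Perl-level extension check and the C-string view disagree, which is the condition the validation helper rejects before the value reaches any C interface.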