1
0
mirror of https://github.com/golang/go synced 2024-10-04 22:21:22 -06:00
Commit Graph

4 Commits

Author SHA1 Message Date
Alexey Borzenkov
a108369c83 syscall: return EINVAL when string arguments have NUL characters
Since NUL usually terminates strings in underlying syscalls, allowing
it when converting string arguments is a security risk, especially
when dealing with filenames. For example, a program might reason that
filename like "/root/..\x00/" is a subdirectory or "/root/" and allow
access to it, while underlying syscall will treat "\x00" as an end of
that string and the actual filename will be "/root/..", which might
be unexpected. Returning EINVAL when string arguments have NUL in
them makes sure this attack vector is unusable.

R=golang-dev, r, bradfitz, fullung, rsc, minux.ma
CC=golang-dev
https://golang.org/cl/6458050
2012-08-05 17:24:32 -04:00
Lucio De Re
8ec32e8d84 syscall: fix for Plan 9 build
exec_plan9.go:
. Adjusted return argument to match other changes.
#mksyscall.pl:
. Replaced "err = e1" with "err = NewError(e1)".
* Change abandoned, Russ made a better suggestion involving
  syscall_plan9.go.
syscall_plan9.go:
. Removed redundant "err = nil" lines.
. Adjusted //sys lines for mksyscall.pl.
* Replaced "err string" with "err ErrorString" in return arguments.
zsyscall_plan9_386.go:
. This module ought to be generated, but as it exists in the
  repository, I rebuilt it and checked that it matched expectations.
  Anybody is welcome to remove this from the repository if
  they feel it should go, but remember that not all Plan 9
  installations have a working Perl.

R=rsc
CC=ality, golang-dev
https://golang.org/cl/5411046
2011-11-21 09:55:15 -05:00
Lucio De Re
087a34869a syscall, os, time: fix Plan 9 build
R=rsc, bradfitz
CC=golang-dev
https://golang.org/cl/5371092
2011-11-16 17:37:54 -05:00
Yuval Pavel Zholkover
1cc4a5cd94 R=rsc, brainman, ality, r2, r
CC=golang-dev
https://golang.org/cl/3816043
2011-04-02 14:24:03 -07:00