Hi, On Wed, Dec 30, 2009 at 07:42:21PM +0000, Carl Fredrik Hammar wrote:
> Strings in RPCs, such as the filename argument to a dir_lookup, are > not checked if they are terminated by '\0'. This could lead to the > server segfaulting if it tries to read the string. > > Making MIG check that strings are terminated seems like the proper > fix. AIUI, the first step would be implementing actual string support in MiG at all... While this should probably be considered a todo item, in the present situation, if a server doesn't protect against non-terminated strings, it's a bug *in this server*. If you see any actual instances of this, could you report them?... -antrik-
