Designing socket messaging format

Donn Cave donn at drizzle.com
Tue Nov 13 07:54:09 CET 2001


Quoth shriek at gmx.co.uk (Stephen):

| Just read Dan Bernstein's description. Interesting note about
| security considerations using CRLF, which follows on from an
| earlier post in this thread.
|
|
|    4. Security considerations
|
|    The famous Finger security hole may be blamed on Finger's use of the
|    CRLF encoding. In that encoding, each string is simply terminated by
|    CRLF. This encoding has several problems. Most importantly, it does
|    not declare the string size in advance. This means that a correct
|    CRLF parser must be prepared to ask for more and more memory as it is
|    reading the string. In the case of Finger, a lazy implementor found
|    this to be too much trouble; instead he simply declared a fixed-size
|    buffer and used C's gets() function. The rest is history.
|
|    In contrast, as the above sample code shows, it is very easy to
|    handle netstrings without risking buffer overflow. Thus widespread
|    use of netstrings may improve network security.

Widespread use of decent programming languages would do a lot more in
the same direction.  This one is a problem with C, not with CRLF data.
The notion that we should tailor our data protocols to keep programmers
away from fixed-size buffers is kind of sick, and it's frustrating to
think that it's a serious practical consideration outside the cozy
haven of c.l.p.

	Donn Cave, donn at drizzle.com



More information about the Python-list mailing list