This is the change that fixed the recent exploit that allowed attackers to remotely gain root on any machine running Exim (installed and enabled by default on Debian, RHEL, and other distros) just by ending the SNI field with a backslash during TLS negotiation. This exploit would not have been possible were it not for C's retarded string format and complete lack of memory safety.
even experts make mistakes. why do you believe that people are perfect?
James Thomas
this If someone built you a safe which was later broken into due to poor design would you blame the tools that they used? If yes then you truely are beyond help.
>What the fuck is exim? One of the most popular mail transfer agents, installed by default on most distros.
>the fix was quick and easy because it was C The fix was so janky that the author originally fucked it up before fixing the fix and squashing them together into the commit in the OP.
If it were any other language, this never would have happened in the first place. This exploit was born of using C's highly-exploitable string format to chain into a heap overflow, neither of which are issues with properly designed modern languages.
> someone used a tool the wrong way so tool is bad > doctor injected someone weed now he gay > weed bad
Andrew Powell
I don't say a genius cannot make a mistake. Pushing code at 03:00 a.m. could result in a fuckup. The real problem here may be that no one audited the original code, or any change that may have introduced the bug.
Fuzzers and automatic code testing exists for reasons as well. Code audits are very time consuming and expensive.
I'm merely saying, yes, a good coder in good physical and mental shape would have spotted the error.
David Sullivan
Let's see some of the perfect shit you've written in C
Jaxson Cruz
Why waste time auditing unreadable code when a machine does it better than the best team of humans?
Jace Wilson
Hate to be the devil's advocate, but there are no strings in C, just char arrays - or much, much more popularly, pointers to char. It's an idiotic mistake that would never have happened in C++ or Rust.
Camden Moore
That's just pedantry. Just because there's no explicit "string" type doesn't mean the concept of strings doesn't exist in C. The implementation of a string as a null-terminated array of characters is still a string, even if it has a type of char pointer.
Nolan Perez
So long as you don't make the compiler enforce your invariants, you are writing ambiguous code.
Joshua Lewis
That has nothing with to do with whether or not the concept of a string exists within the context of C. When I refer to a C string, everyone knows I'm talking about a pointer to a null terminated list of characters. It's absurd and reductionist to make the claim that strings don't exist in C, only the de facto implementation of C strings truly exists.
Zachary Nguyen
Ban assault C code.
Jonathan Smith
/thread
Kayden Sanders
>there are string literals >they generate array terminated by zero byte >standard describes this as string >gcc manual describes this as string >standard libc describes this as string and actively works with it you are imbecile
Easton Reyes
>you don't need seatbelts, just drive slow and careful you idiot Cnile logic.
Sebastian Turner
>Cnile oh oh another for my list of inorganic astro turf terms coming down from our shill farm
can you do me a solid and just type your whole list?
Henry Ramirez
A really great advantage of an actual arrays is instrumented bound checking, which can be further eliminated by compiler if it's provably correct (aka bound-checking elimination optimization). Low level languages existing before C did it. Sadly C was trash since day one and lost many gems of great language design.
Easton Harris
In addition, C strings have an annoying flaw of not allowing arbitrary substrings (assuming it complies with encoding, such as proper codepoint boundary in utf-8) because it won't have the zero byte termination (unless it shares end of string) and needs to be copied instead, or opting for different (mostly the correct one anyway) string implementation of base pointer - and either end pointer or length.
Carter Ross
>return *pp hehe
Jose Rodriguez
one might argue that sanitizers should do the job, but this is incorrect. modifying outside of exposed sub-array does not necessarily modify outside of underlying allocation. proper bound checking is extremely cheap on runtime and catches logical errors sooner. Plus distinguishing between pointer and array syntactically is a sane thing to do. It has no downsides.
Brayden Robinson
also the signedness confusion of char in C is annoying as hell
Nathan Bailey
>still using exim over postfix
Kind of deserve it to be honest. Kek at exim for accepting and parsing smtp shit as a root running process as well.
Joseph Bennett
>a pointer to a null terminated list of characters. Cool, that's totally different from char* which is a pointer to a char. If you want the compiler to know, make it a struct.
Julian Clark
Don't pretend to know any C standard. Arrays decay to pointers. Plus, nothing about char[n] implies null termination.
Jeremiah Wilson
What in the monkey fuck are you doing with char types that signedness matters?
For fucks sake.
Ian Johnson
Every piece of software written with that tool is broken on a regular bases since decades.
>If someone built you a safe which was later broken into due to poor design would you blame the tools that they used? If yes then you truely are beyond help. Being this retarded.
Gavin Miller
Just seeing this code is proof that everyone who writes C in critical areas is completely retarded. You could write as well write assembler directly and hope you caught every edge case.
People who claim they do not make such mistakes with C post their code now, immediately, so we can fuck them in their arrogant asses.
David Morris
>This exploit would not have been possible were it not for C's retarded string format >This exploit was born of using C's highly-exploitable string format I completely agree that C is cancer and I also want to clarify that you must be a brainlet to say that it has any connection to C string format unless this how you say "null terminated strings".
Owen Edwards
>I'm merely saying, yes, a good coder in good physical and mental shape would have spotted the error.
Post your code, you fucking cunt.
Josiah Campbell
adding it with larger type
Adrian Hernandez
This is why C++ is superior. >B-but Rust! C++ does what Rust can do and more. Your diversity hire language sucks.
Angel Murphy
Which is a completely retarded concepts nowadays.
John Russell
fuck C, all C evangelists should kill themselves. Use Ada instead of C if you hate Rust so much
Jaxson Sanders
How can anyone gain root access without entering root password?
Landon Moore
Use a proper fucking type for that instead. Either implicit sign/unsigned declaration of char or a fucking inttype. Its literally 2019 you fucking faggot. Retards like you are why -fsigned-char shit poisons cmake projects that causes wild whacky fun for all involved.
Go fuck yourself.
Wyatt White
>you must be a brainlet to say that it has any connection to C string format unless this how you say "null terminated strings". null terminated strings are very commonly referred to as "C strings". Several languages have some variant of a ".c_str" string method to convert their string to a null terminated C-style string for C interop. It's perfectly correct to interchangeably use "null terminated string" and "C string"
Jonathan Martinez
Ya, c++ can do all sorts of foot gun tier bullshit like unexpected type promotions and all the other confusing different initializer types, move semantics and more. Hell throw in diamond inheritance while we're at it.
Jaxon Morales
you any instruction you want to the application running as root
Wyatt Fisher
C was made for niggers
Andrew Campbell
A mistake in using a tool incorrectly isn't the fault of the tool. You know really a person wrote this, people make mistakes. It happens but you just want a participation award because your mother made the mistake of not aborting you, not to have any skill. We should ban people from writing software and only let trannies do it, that will fix it.
Isaiah Davis
>incorrectly C doesn't support strings and doesn't warn you about obvious UB, it's a shit tool.
William Miller
>language has poor defect >it's faults of those who don't like the defect holy shit user, you are fucking genius yes I literally have to retype char* to unsigned char* on every function call because std libc constantly works with char*, take void* and manually cast it to bytes in every function to avoid this dementia; even this produces warning unsigned char *s = "something";
Samuel Cox
Stop wining and show your C code. So we can fuck you.
Dominic Wright
This is probably the most assinine post I've read all year.
Gavin Collins
What does urban bears have to do with this and why the homophobia? C supports many in the pillow biting community by being the basis for the computing devices they use and create to make a living. If all c code ceased to function you wouldn't even be able to underhandedly promote rust like this. You post therefore you use working c code whether your shrunken head realizes it not.
UB = undefined behaviour. It's normal, most C programmers don't know it when they see it, either. If they see it. >ceased to function That happens every now and again, sites get DOS'd, servers leak data, you name it. You're entirely correct I wouldn't be able to post, as has happened many times.
Noah Ramirez
int main(void){ return 0; }
It's for testing error code, in this case no error, on the command line. I also have another version that returns 9, I call it 9. Nifty, huh.
But the behavior isn't undefined, the original code worked correctly, exactly as written. It twas a badly implemented, arrr matey. Bounds checking is sub-junior level mistake but your taking it like you don't know that. >You're entirely correct I wouldn't be able to post, as has happened many times. The only way to prove yourself correct is to never post which wouldn't really work.
Wow with that coding skills, you should really participate in this discussion.
Caleb Rogers
Why is it so hard for programmers to make a new language with out-of-bounds access protection WITHOUT introducing a lot of bloat like another goddamn package manager?
>worked correctly No, there are several types of UB. >dereferencing a pointer before a null check >dereferencing a pointer before a bounds check >const uschar** instead of const uschar*const* And more. Idiotic language, the compiler never caught these fallacies.
Zachary Smith
All working correctly as written, those are not undefined behavior. More like unintentionally behavior because they forgot error checks. That's really lazy and slightly irritating but people make mistakes.
Have you ever read the fucking standard, retard? You don't sound as smartass as you'd like to be.
Jose Hernandez
c is the worst language thats why i never learnt it
Caleb Sullivan
Yes, can you correctly interpret the standard but more importantly know the deviations in implentations? Keep blaming your tools for your incompetence, it makes you more human like. It's because the originality, it's much more convincing then the rabble rabble rabble repeat other people's thoughts thing. Here's a thought, try being happy.
>incompetence The compiler compiled my code successfully, that means it's 100% according to it. Otherwise, that would mean the compiler doesn't follow the standard strictly (it doesn't, it compiles UB without error by default), which would make the tool trash. Try compiling shitty code in Rust or Go.
Brayden Rivera
>Try compiling shitty code in Rust or Go. Maybe we have different definitions of shitty. As for compiling shitty code, I could do that in any language. Hop on GitHub and be amazed, but it works for the with all the unintentional behavior included.
This whole thing makes me think you don't like error checking or are one of those single return (exit point) weirdos, that makes me question the validity of hand holding tools. PlusImNotAskingPremissionToNameMyIdentifiersHowIWant I like to be in control, not controlled.
>could do that Okay go and write bad code in Go or Rust. >don't like error checking No, I hate it, it's a complete waste of time for something that can and is automated in better languages. >I like to be in control EARN the right to be in control. Until then I have every reason to doubt your abilities.
Nolan Davis
How do you think those other languages represent strings in memory?
Jack Smith
In C++, visual studio, clang, and gcc's standard libraries generally have a dynamic array of chars, size, and capacity members. Also a union to represent short string optimisation and respective flags.
Easton Lopez
If Exim is a mail client why is it theorized this is how crypto for Android has been getting onto web servers?
Dylan Perry
exim is useless anyways systemctl disable exim —now Should fix the issue, thank me later.
Robert Foster
Exim is a mail server
Jonathan Sullivan
This. Install postfix
John Richardson
>engine doesn't work? just ride a bike goy, cars are bloat Cope
Jackson Price
Gracias por tu servicio
Ryder Reed
everyone calm down, why not just extend the standard C? why do like scheme does, everyone rolls a base and then some implement further functionality but rather than being functionality driven its security driven like the guys at Linux do with for example xarray
Michael Nguyen
I made a thread for the sole purpose of embarrassing you LARPers. You are not even capable of making a simple text editor.
Grayson Lee
the confusion was probably caused by that retarded indent style