guile-user

Re: Guile bugs


From: Marko Rauhamaa
Subject: Re: Guile bugs
Date: Mon, 11 Sep 2017 11:10:55 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

address@hidden (Ludovic Courtès):

> I don’t know to what extent that is applicable to your software, but my
> recommendation would be to treat that network socket as a Scheme port,
> pass it to ‘read’, and pass the result to ‘eval’ (as opposed to reading
> the whole string from C++ and passing it to ‘scm_eval_string’.)

Octet stream sockets break the stream at arbitrary locations. Eval isn't
going to like it if you blindly hand bytes over to it. You first need to
break the stream into complete S-expressions. Note also that the socket
might not even respect UTF-8 boundaries so you can't assume you can read
the bytes as text.

Secondly, this lucrative pattern can be very dangerous as it allows
arbitrary code to be executed at the peer end. In most applications, it
is better to interpret the S-expressions explicitly.


Marko
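
The two points in the message above, worked through in Python as an added example (not code from the thread or from Guile): the receiver buffers raw octets until a top-level form is complete, decodes only whole forms as strict UTF-8, and dispatches on an allow-list instead of calling eval. It assumes a restricted wire grammar of lists, symbols, integers and double-quoted strings (no comments or character literals); `frames`, `parse`, `interpret`, `HANDLERS` and `MAX_FORM` are hypothetical names.

```python
import re

MAX_FORM = 4096  # assumed cap so a peer cannot make the buffer grow without bound
TOKEN = re.compile(r'\(|\)|"(?:\\.|[^"\\])*"|[^\s()"]+', re.S)
class Sym(str): pass  # bare symbol, kept distinct from a "string"

def frames(chunks):  # chunks: bytes objects exactly as the socket delivered them
    buf, depth, in_str, esc = bytearray(), 0, False, False
    for chunk in chunks:
        for b in chunk:
            if depth == 0 and b != ord("("):
                if b in b" \t\r\n":
                    continue
                raise ValueError("only whitespace may separate forms")
            buf.append(b)
            if len(buf) > MAX_FORM:
                raise ValueError("form too large")
            if in_str and (esc or b == ord("\\")):
                esc = not esc  # a backslash escapes exactly one following byte
            elif b == ord('"'):
                in_str = not in_str  # parentheses inside a string do not nest
            elif not in_str and b == ord("("):
                depth += 1
            elif not in_str and b == ord(")"):
                depth -= 1
                if depth == 0:  # decode only whole forms, strict UTF-8
                    yield buf.decode("utf-8")
                    buf.clear()

def parse(form):  # balanced text -> nested lists of Sym / int / str
    stack = [[]]
    for tok in TOKEN.findall(form):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            stack[-2].append(stack.pop())  # parent is looked up before the pop
        elif tok[0] == '"':
            stack[-1].append(tok[1:-1])
        else:
            stack[-1].append(int(tok) if re.fullmatch(r"-?[0-9]+", tok) else Sym(tok))
    return stack[0][0]

HANDLERS = {"add": (int, sum), "echo": (str, " ".join)}  # name -> (argument type, function)

def interpret(form):  # explicit dispatch: nothing received is ever passed to eval
    kind, fn = HANDLERS.get(form[0] if form and type(form[0]) is Sym else None, (None, None))
    if fn is None or any(type(a) is not kind for a in form[1:]):
        raise ValueError("command or argument not allowed")
    return fn(form[1:])
```

With a connected socket object `sock` (hypothetical), the chunk source would be `iter(lambda: sock.recv(4096), b"")`. After any `ValueError` the framer state is no longer meaningful, so the connection should be closed rather than resynchronised.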


