
digitalmars.D - Default arguments in function callbacks not taken into account when

reply Andrej Mitrovic via Digitalmars-d <digitalmars-d puremagic.com> writes:
-----
import std.traits;
import std.stdio;

void handler(C)(C callback)
{
    callback("John");
}

void main()
{
    auto safeCallback = (string user, string pass = "hunter2")
    {
        writefln("The password is: '%s'", pass);
    };

    handler(safeCallback);
    someOtherFunc();
}

void someOtherFunc()
{
    auto hijackPassword = (string user, string pass)
    {
        writefln("Now I know your password: '%s'", pass);
    };

    handler(hijackPassword);
}
-----
Apr 29 2014
parent reply "Wyatt" <wyatt.epp gmail.com> writes:
On Tuesday, 29 April 2014 at 10:38:24 UTC, Andrej Mitrovic via 
Digitalmars-d wrote:
 void main()
 {
     auto safeCallback = (string user, string pass = "hunter2")
     {
         writefln("The password is: '%s'", pass);
     };
I'm sorry, but can you explain how this lets an attacker learn anything useful? I think it's a funny trick, and I agree on principle that it's probably an error that should be fixed, but I'm having trouble coming up with reasons why being able to discover the default argument (which I would assume is sentinel junk) has gravity. I would generally consider literal assignments in code to be trivially compromised anyway?

-Wyatt
Apr 29 2014
parent reply Andrej Mitrovic via Digitalmars-d <digitalmars-d puremagic.com> writes:
On 4/29/14, Wyatt via Digitalmars-d <digitalmars-d puremagic.com> wrote:
 I'm sorry, but can you explain how this lets an attacker learn
 anything useful?
Maybe I over-exaggerated a little bit here.

On 4/29/14, Kenji Hara via Digitalmars-d <digitalmars-d puremagic.com> wrote:
 This is a compiler bug.
Ok, I thought it was maybe by design. I remember there being a similar issue with function pointers not being distinct w.r.t. default arguments. There's a bugzilla issue where Walter comments on it. I'm not sure about the issue number though.
Apr 30 2014
parent "David Eagen" <davideagen mailinator.com> writes:
Is this in Bugzilla?
May 02 2014