digitalmars.D - Default arguments in function callbacks not taken into account when
- Andrej Mitrovic via Digitalmars-d (25/25) Apr 29 2014 -----
- Wyatt (10/16) Apr 29 2014 I'm sorry, but can you explain how this lets an attacker learn
- Andrej Mitrovic via Digitalmars-d (7/10) Apr 30 2014 Maybe I over-exaggerated a little bit here.
- David Eagen (1/1) May 02 2014 Is this in Bugzilla?
-----
import std.traits;
import std.stdio;

// Invokes the callback with a single argument, so `pass` can only come from a default.
void handler(C)(C callback)
{
    callback("John");
}

void main()
{
    auto safeCallback = (string user, string pass = "hunter2")
    {
        writefln("The password is: '%s'", pass);
    };

    handler(safeCallback);
    someOtherFunc();
}

void someOtherFunc()
{
    // No default for `pass` here, yet it is passed to the same handler().
    auto hijackPassword = (string user, string pass)
    {
        writefln("Now I know your password: '%s'", pass);
    };

    handler(hijackPassword);
}
-----
Apr 29 2014
On Tuesday, 29 April 2014 at 10:38:24 UTC, Andrej Mitrovic via Digitalmars-d wrote:
> void main()
> {
>     auto safeCallback = (string user, string pass = "hunter2")
>     {
>         writefln("The password is: '%s'", pass);
>     };

I'm sorry, but can you explain how this lets an attacker learn anything useful? I think it's a funny trick, and I agree on principle that it's probably an error that should be fixed, but I'm having trouble coming up with reasons why being able to discover the default argument (which I would assume is sentinel junk) has gravity. I would generally consider literal assignments in code to be trivially compromised anyway?

-Wyatt
Apr 29 2014
On 4/29/14, Wyatt via Digitalmars-d <digitalmars-d puremagic.com> wrote:
> I'm sorry, but can you explain how this lets an attacker learn anything useful?

Maybe I over-exaggerated a little bit here.

On 4/29/14, Kenji Hara via Digitalmars-d <digitalmars-d puremagic.com> wrote:
> This is a compiler bug.

Ok, I thought it was maybe by design. I remember there being a similar issue with function pointers not being distinct w.r.t. default arguments. There's a bugzilla issue where Walter comments on it. I'm not sure about the issue number though.
Apr 30 2014