[fpc-pascal] Patches for Issue #37906 - DNS over TCP
Noel Duffy
noelduffy at xtra.co.nz
Sun Jan 31 02:00:03 CET 2021
On 30/01/21 11:43 pm, Michael Van Canneyt via fpc-pascal wrote:
>
>
> On Sat, 30 Jan 2021, Noel Duffy via fpc-pascal wrote:
>
>>
>> Lastly, a minor point: in the source for netdb.pp there's a comment warning of stringfromlabel's lack of checks. Since it now has a good few checks, I think this warning is superfluous. But I didn't want to remove it without checking, in case there's more to it than meets the eye.
>
> I also noticed this, but decided to leave it for the moment. if you feel it can be removed, I'll trust your judgment on that.
My vote is to remove the comment. While it may have been justified in the past, the current version of stringfromlabel is reasonably robust and resilient to the most obvious kinds of attack, in my opinion. Now, I'm not a security researcher and haven't done any serious fuzzing attacks against it, so all I can say is that stringfromlabel is about as safe as the rest of the code in netdb.pp.
More information about the fpc-pascal
mailing list