On Tue, Jun 13, 2017 at 12:05 AM, Peter Dimov via Boost
Artyom Beilis wrote:
Denial of Service Attack Example:
- User creates a file with invalid UTF-16
- System monitors the file system and adds it to the XML report in WTF-8 format
- The central server does not accept the XML since it fails UTF-8 validation
- User does whatever he wants without monitoring
- It removes the file
- There were no reports generated during the period user needed
- DOS attack
I can't help but note that the same attack would work under Unix. The user can easily create a file with an invalid UTF-8 name. And, since the library doesn't enforce valid UTF-8 on POSIX (right?) it would pass through.
Note, under POSIX the user takes strings as is and can't trust the source. Under Windows it needs to convert them using nowide, which can give him the false assumption that it receives valid UTF-8.

Once again, I have no problem providing wtf8 to wide and other way around functions when the user EXPLICITLY says it. But it shall not be the default behavior or some behavior you turn on with some global define.

Artyom
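The difference discussed in this thread, as an added example that is not code from either poster or from Boost.Nowide: a UTF-16 to narrow conversion where an unpaired surrogate is rejected unless the caller explicitly selects WTF-8 output, next to a strict UTF-8 check of the kind the receiving server in the scenario applies. The names `Surrogates`, `narrow` and `is_valid_utf8` are hypothetical.

```cpp
#include <cstddef>
#include <string>
enum class Surrogates { reject, wtf8 };  // hypothetical policy names

// Encode one code point. A surrogate (U+D800..U+DFFF) lands in the 3-byte
// branch, which is what makes the result WTF-8 rather than UTF-8.
static void append_cp(std::string& out, char32_t cp) {
    if (cp < 0x80) { out += char(cp); return; }
    if (cp < 0x800) out += char(0xC0 | (cp >> 6));
    else {
        if (cp < 0x10000) out += char(0xE0 | (cp >> 12));
        else { out += char(0xF0 | (cp >> 18)); out += char(0x80 | ((cp >> 12) & 0x3F)); }
        out += char(0x80 | ((cp >> 6) & 0x3F));
    }
    out += char(0x80 | (cp & 0x3F));
}

// UTF-16 to narrow. WTF-8 output happens only when the caller asks for it.
bool narrow(const std::u16string& in, std::string& out, Surrogates policy) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        char32_t u = in[i], lo = i + 1 < in.size() ? in[i + 1] : 0;
        if (u >= 0xD800 && u <= 0xDBFF && lo >= 0xDC00 && lo <= 0xDFFF) {
            u = 0x10000 + ((u - 0xD800) << 10) + (lo - 0xDC00);
            ++i;  // valid pair: the low half is consumed too
        } else if (u >= 0xD800 && u <= 0xDFFF && policy == Surrogates::reject) {
            return false;  // unpaired surrogate has no UTF-8 encoding
        }
        append_cp(out, u);
    }
    return true;
}

// Strict UTF-8 check, standing in for the validation on the receiving server.
bool is_valid_utf8(const std::string& s) {
    static const char32_t min_cp[] = {0, 0, 0x80, 0x800, 0x10000};
    for (std::size_t i = 0, len = 0; i < s.size(); i += len) {
        unsigned char c = s[i];
        len = c < 0x80 ? 1 : (c & 0xE0) == 0xC0 ? 2 : (c & 0xF0) == 0xE0 ? 3 : (c & 0xF8) == 0xF0 ? 4 : 0;
        if (len == 0 || i + len > s.size()) return false;
        char32_t cp = len == 1 ? c : c & (0xFF >> (len + 1));
        for (std::size_t k = 1; k < len; ++k) {
            if ((s[i + k] & 0xC0) != 0x80) return false;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min_cp[len] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return false;
    }
    return true;
}
```

Running `is_valid_utf8` on any name before it is written into a report covers both the Windows conversion path and the POSIX pass-through path mentioned above.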