guile-devel

Re: REPL Server: Guard against HTTP inter-protocol exploitation attacks.


From: Alex Kost
Subject: Re: REPL Server: Guard against HTTP inter-protocol exploitation attacks.
Date: Thu, 13 Oct 2016 11:46:33 +0300
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.95 (gnu/linux)

Ludovic Courtès (2016-10-12 14:23 +0200) wrote:

> Alex Kost <address@hidden> wrote:
>
>> Hello, I've noticed an insignificant typo in commit
>> 08c021916dbd3a235a9f9cc33df4c418c0724e03 (in the fancy warning message).
>>
>> [...]
>>> +               ;; Print a report to STDERR (POSIX file descriptor 2).
>>> +               ;; XXX Can we do better here?
>>> +               (call-with-port (dup->port 2 "w")
>>> +                 (cut format <> "
>>> +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>>> +@@ POSSIBLE BREAK-IN ATTEMPT ON THE REPL SERVER                @@
>>> +@@ BY AN HTTP INTER-PROTOCOL EXPLOITATION ATTACK.  See:        @@
>>> +@@ <https://en.wikipedia.org/wiki/Inter-protocol_exploitation> @@
>>> +@@ Possible HTTP request received: ~S
>>                                                                   ^^
>> Missing trailing "@@" in the above line.
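Review bot: On the last banner line, `@@ Possible HTTP request received: ~S`, the right-hand `@@` border is left off, and beside the closed lines above it that reads as an oversight. If the open edge is deliberate because the printed length of the `~S` argument is not known in advance, a one-line comment saying so, next to the existing `;; XXX Can we do better here?`, would settle the question for later readers. The choice of `~S` for this value is worth keeping: it prints the received request in `write` notation, so control characters in the request arrive escaped on stderr rather than raw.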
>
> As discussed on IRC, I think this is intended: we don’t know the length
> of the string being printed by ~S.

Yes, I got it, thanks and sorry for bothering :-)

-- 
Alex


