[Info-vax] A DCL wish list of sorts...
pcanagnostopoulos at gmail.com
Fri Mar 22 11:04:37 EDT 2019
On Friday, March 22, 2019 at 10:44:36 AM UTC-4, dgordo... at gmail.com wrote:
> On Friday, March 22, 2019 at 10:26:20 AM UTC-4, pcanagno... at gmail.com wrote:
>
> > But I don't understand the descriptions. They talk about a malformed command table. How is such a thing created? By a user-defined command that exploits a compiler bug?
> >
>
> A combination of poor length/limit checking in CDU and a signed test that should have been unsigned in DCL itself. At least two of the parsing modules hadn't been touched in over 20 years.

Yes, I wrote the V4.0 compiler. I assign myself a low D- for this CDU bug.

It's interesting how we never worried about hackers back in those days. Everyone is quite on top of length and limit checking these days, I hope. Heck, I never once thought about the possibility of forging the PHONE protocol to interject text into a conversation.

Question: How does someone interject arbitrary instructions into the DCL table? I don't think the CDU supports hex escapes in strings. Perhaps that has been added.

~~ Paul