[Info-vax] A DCL wish list of sorts...
dgordonatvsi at gmail.com
dgordonatvsi at gmail.com
Fri Mar 22 11:48:08 EDT 2019
On Friday, March 22, 2019 at 11:04:38 AM UTC-4, pcanagno... at gmail.com wrote:
>
> Question: How does someone interject arbitrary instructions into the DCL table? I don't think the CDU supports hex escapes in strings. Perhaps that has been added.
>
> ~~ Paul
It's the ability to overwrite the return address on the stack. Not all characters inside a quoted string need to be printable - you just need to be creative to get them in there. One of the CDU bugs (and there were many missed length and maximum item count bugs) allowed an over-length quoted string to be placed in the command table.
It's also worth noting that the real bug was in DCL where it blew the length check before it copied the prompt string onto the stack. While CDU is the official way to create a command table, there's noting to keep enterprising folks from writing a C (or even BASIC) program that will produce a malformed command table that DCL will happily try to swallow.
More information about the Info-vax
mailing list