What is Null Byte Injection? How to avoid it?

Viewed 1,107 times

29

  • What is Null Byte Injection?

  • How to avoid it?

1 answer

28


It is the sending of a null byte (0) as part of text that will later be used in some part of the application, which will likely give access to some resource that should not be accessed.

Since strings are commonly treated as ending at a null, this causes security operations that add a protective text to the string the application receives externally to not take this text into account, since text comparison functions stop when they find a null.

This is common in standard C functions (there are some new ones that do not suffer from this problem). For this reason, extra checks or manipulations should be done before using text of external origin, as with everything of external origin.

Languages that use these functions without doing any extra checking or manipulation suffer from the same problem. PHP suffered from this in the past, but today knows how to avoid this in its critical functions.

The solution is usually simple, since a null is rarely correct when it comes from the web, where this type of attack is most common.

Basically, this particular concern is not necessary. If you validate or clean external data correctly, as you should always do, you don’t have this problem. This is just one of the characters that should not be accepted.

  • Just to add: the reference you asked me for was in the PHP Manual, which talks about Null Byte Injection, precisely because PHP internally uses C. It seems that the bug has been fixed in versions higher than PHP 5.3.4, according to that answer.
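The truncation the answer describes, shown as an added example that is not part of the original question, answer or comment: a protective suffix is appended to length-delimited external input, and a NUL-terminated consumer never sees it unless the input is first checked with `memchr`. The function names, the `.txt` suffix and the sample input are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SUFFIX ".txt"   /* protective text the application appends (constructed) */

/* Naive: copy the raw bytes, append the suffix, then treat the result as a
 * C string. Returns 0 on success, -1 if the output buffer is too small. */
int build_name_naive(char *out, size_t outsz, const char *in, size_t inlen)
{
    size_t slen = strlen(SUFFIX);
    if (inlen + slen + 1 > outsz) return -1;
    memcpy(out, in, inlen);                 /* an embedded NUL is copied as data */
    memcpy(out + inlen, SUFFIX, slen + 1);  /* suffix lands after that NUL       */
    return 0;
}

/* Checked: reject external input containing a NUL anywhere in its length. */
int build_name_checked(char *out, size_t outsz, const char *in, size_t inlen)
{
    if (memchr(in, '\0', inlen) != NULL) return -1;
    return build_name_naive(out, outsz, in, inlen);
}

/* What a NUL-terminated consumer (strcmp, fopen, ...) sees: is the suffix there? */
int ends_with_suffix(const char *name)
{
    size_t n = strlen(name), s = strlen(SUFFIX);
    return n >= s && strcmp(name + n - s, SUFFIX) == 0;
}

int main(void)
{
    /* Constructed input: 11 bytes as received, the last one being a NUL. */
    static const char input[] = "secret.cfg\0";
    size_t inlen = sizeof input - 1;
    char out[64];

    build_name_naive(out, sizeof out, input, inlen);
    printf("naive: seen as \"%s\", suffix enforced: %d\n", out, ends_with_suffix(out));
    printf("checked result: %d\n", build_name_checked(out, sizeof out, input, inlen));
    return 0;
}
```

The check only works because the input arrives with an explicit length; once the data has passed through `strlen` or `strcpy`, the bytes after the NUL are already gone and there is nothing left to inspect.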
