Okay, I can see that but we were talking specifically about eval. So, my examples were intended to showcase the two ways that eval can be called and not how to safely obtain data from the internet.
On Tue, May 30, 2017 at 4:06 PM, Ruben Safir <ru...@mrbrklyn.com> wrote: > On 05/30/2017 04:04 PM, John Dunlap wrote: > > In that example, the contents of $data are never evaluated by eval so > > even if it can be "smashed"(whatever that means) eval would have nothing > > to do with the failure. > > > it means your bringing in data without a limit and you can smash the > stack like that and I've seen this kind of code do just that. > > That is not just an issue for eval... > > > > -- > So many immigrant groups have swept through our town > that Brooklyn, like Atlantis, reaches mythological > proportions in the mind of the world - RI Safir 1998 > http://www.mrbrklyn.com > > DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 > http://www.nylxs.com - Leadership Development in Free Software > http://www2.mrbrklyn.com/resources - Unpublished Archive > http://www.coinhangout.com - coins! > http://www.brooklyn-living.com > > Being so tracked is for FARM ANIMALS and and extermination camps, > but incompatible with living as a free human being. -RI Safir 2013 > -- John Dunlap *CTO | Lariat * *Direct:* *j...@lariat.co <j...@lariat.co>* *Customer Service:* 877.268.6667 supp...@lariat.co
