Right now our user query parser and our content-disposition parser use lots of raw pointer manipulation. This is obviously a bad idea.
One example of a parser that is designed to be secure is Nom, from the VLC project. It's written in Rust, which we could either embed in C (if we don't mind the dependency) or port/learn from.
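As an added illustration (not code from this project or from Nom), here is one way the "learn from" option could look in plain C: every parsing step takes a pointer-plus-length span and returns the remainder, so no step can read past the input. The names `span`, `skip`, `tag`, `next_param` and `cd_filename` are hypothetical, and the sketch assumes only the lowercase quoted `filename="..."` form, not `filename*` or unquoted token values.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names, for illustration. A span carries its length with it. */
typedef struct { const char *p; size_t n; } span;
/* Drop k bytes from the front; clamps rather than running past the end. */
static span skip(span s, size_t k) {
    if (k > s.n) k = s.n;
    return (span){ s.p + k, s.n - k };
}
/* Consume literal lit: 1 and *s advanced on match, else 0 and *s untouched. */
static int tag(span *s, const char *lit) {
    size_t k = strlen(lit);
    if (s->n < k || memcmp(s->p, lit, k) != 0) return 0;
    *s = skip(*s, k);
    return 1;
}
/* Advance past the next ';' that is not inside a quoted-string, then past LWS. */
static span next_param(span s) {
    int q = 0;
    while (s.n && (q || *s.p != ';')) {
        if (q && *s.p == '\\') s = skip(s, 1);      /* quoted-pair */
        else if (*s.p == '"') q = !q;
        s = skip(s, 1);
    }
    s = skip(s, 1);                                  /* the ';' itself */
    while (s.n && (*s.p == ' ' || *s.p == '\t')) s = skip(s, 1);
    return s;
}
/* Copy the quoted filename parameter of an n-byte header value (need not be
   NUL-terminated) into out. Returns its length, or -1 if absent/bad/too long. */
int cd_filename(const char *hdr, size_t n, char *out, size_t cap) {
    span s = { hdr, n };
    if (cap == 0) return -1;
    for (s = next_param(s); s.n; s = next_param(s)) {
        if (!tag(&s, "filename=\"")) continue;
        size_t len = 0;
        while (s.n && *s.p != '"') {
            if (*s.p == '\\' && (s = skip(s, 1)).n == 0) return -1;
            if (len + 1 >= cap) return -1;           /* keep room for NUL */
            out[len++] = *s.p;
            s = skip(s, 1);
        }
        if (!s.n) return -1;                         /* no closing quote */
        out[len] = '\0';
        return (int)len;
    }
    return -1;
}
```

Truncated, unterminated and oversized inputs all return -1 instead of reading or writing out of bounds, because the length check lives in `skip` rather than at each call site.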