codebutler / firesheep

A Firefox extension that demonstrates HTTP session hijacking attacks.
http://codebutler.github.com/firesheep
GNU General Public License v3.0

Fix use-after-free bugs #219

Open akalin opened 10 years ago

akalin commented 10 years ago

The pattern:

const char *foo = function_returning_string().c_str();

is dangerous because the pointer lives only as long as the temporary string returned by the function (i.e., the end of the statement), so using 'foo' leads to a use-after-free.

Fixed that by doing:

const string &foo = function_returning_string();
...
function_taking_pointer(foo.c_str());

instead. This is safe because binding a temporary to a const reference makes that temporary live for the whole block.

Also removed some other unnecessary calls to c_str().
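The lifetime difference described in the pull request, as an added example that is not part of the original thread or of the firesheep code base. `Name` and `make_name` are constructed stand-ins for a string-returning function; the destructor records when each temporary dies, so the two patterns can be compared without ever dereferencing the dangling pointer.

```cpp
#include <cstring>
#include <string>
#include <utility>
#include <vector>

// Event log that makes the destruction of temporaries observable.
static std::vector<std::string> g_events;

// Hypothetical string-like type standing in for the std::string returned by
// the functions the pull request fixes. It logs its own destruction.
struct Name {
    std::string value;
    bool alive = true;

    explicit Name(std::string v) : value(std::move(v)) {}
    Name(const Name &) = delete;
    Name(Name &&o) noexcept : value(std::move(o.value)), alive(o.alive) { o.alive = false; }
    ~Name() {
        if (alive) g_events.push_back("destroyed " + value);
    }
    const char *c_str() const { return value.c_str(); }
};

// Stand-in for function_returning_string(): returns a temporary by value.
Name make_name(const char *s) { return Name(s); }

// The dangerous pattern from the pull request: the temporary returned by
// make_name() is destroyed at the end of the full expression, so 'p' dangles
// before the next statement even runs. The pointer is deliberately never read.
std::vector<std::string> run_dangerous_pattern() {
    g_events.clear();
    const char *p = make_name("temp").c_str();  // temporary dies at this ';'
    (void)p;                                    // any use here would be a use-after-free
    g_events.push_back("after statement");
    return g_events;
}

// The fixed pattern: binding the temporary to a const reference extends its
// lifetime to the end of the enclosing block, so n.c_str() stays valid.
std::vector<std::string> run_safe_pattern() {
    g_events.clear();
    {
        const Name &n = make_name("bound");   // lifetime extended to end of this block
        g_events.push_back("after statement");
        std::size_t len = std::strlen(n.c_str());  // safe: n is still alive
        g_events.push_back("used length " + std::to_string(len));
    }   // n goes out of scope here, and only now is the temporary destroyed
    return g_events;
}
```

In the dangerous variant the log reads "destroyed temp" before "after statement", confirming the pointer was already invalid; in the safe variant the destruction is logged last. In real code the dereference that this example avoids is exactly what AddressSanitizer (`-fsanitize=address`) reports as a heap-use-after-free, which is the quickest way to catch the pattern across a code base.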

akalin commented 10 years ago

Ugh, this fix is buggy. Stay tuned...

akalin commented 10 years ago

Okay, this version should work. That's what I get for not testing before pushing...