Telodendria/Cytoplasm
Telodendria/Cytoplasm
3
3
Fork 5
Code Issues 17 Pull requests 2 Projects Releases 2 Packages Activity Actions

JSON decoding may cause potential issues related to signatures #61

New issue
Open
opened 2024-11-09 12:57:26 +00:00 by lda · 3 comments
lda commented 2024-11-09 12:57:26 +00:00
Contributor
Copy link

Mostly a Telodendria issue, but the JSON decoder ignores \u0000:

Line 528 in b4841ff
if (codepoint == 0)

This could cause issues with projects like Telodendria, where an event could contain one. Most homeservers would then manage signatures and hashes with the NULL managed, whereas Telodendria may strip it off, thus causing events being dropped due to invalid hashing(and as such, may cause divergence between Telodendria and non-Telodendria homeservers).

A band-aid fix may be to handle NULL as the 2-byte UTF-8 sequence, which would allow it to be stored in a C string properly, but isn't standard UTF-8 behavior (due to overlongs), and could be then processed by faulty tools as a NULL(though the standard behavior would not allow that)
A more long-term solution may be work towards #4 (though such an interface would need to have a way to convert to a C string, which would require us to think about handling NULL codepoints again)

Mostly a Telodendria issue, but the JSON decoder *ignores* `\u0000`: https://git.telodendria.io/Telodendria/Cytoplasm/src/commit/b4841fffaaa8986e849106fff1c3b70952e49e16/src/Json.c#L528 This could cause issues with projects like Telodendria, where an event could contain one. Most homeservers would then manage signatures and hashes *with* the NULL managed, whereas Telodendria may strip it off, thus causing events being dropped due to invalid hashing(and as such, may cause divergence between Telodendria and non-Telodendria homeservers). A band-aid fix may be to handle NULL as the 2-byte UTF-8 sequence, which would allow it to be stored in a C string properly, but isn't standard UTF-8 behavior (due to overlongs), and could be then processed by faulty tools as a NULL(though the standard behavior would *not* allow that) A more long-term solution may be work towards #4 (though such an interface would need to have a way to convert to a C string, which would require us to think about handling NULL codepoints again)
jordan commented 2024-11-09 13:12:42 +00:00
Owner
Copy link

Good catch. The reason I did this was precisely because C strings are NULL-terminated, so I agree that we should move toward #4 if we really want to solve this issue, as that's really the only true fix.

Why would we need to convert to a C string, beyond printing to a console? I'm legitimately trying to think of a use case when we'd need C strings, but I'm blanking so maybe you are thinking of something I'm not.

My thinking with #4 is that everything that took a C string before would take our new string type, so Cytoplasm would exclusively work with this custom time, and by extension, anything that uses Cytoplasm probably would too.

Good catch. The reason I did this was precisely because C strings are `NULL`-terminated, so I agree that we should move toward #4 if we really want to solve this issue, as that's really the only true fix. Why would we need to convert to a C string, beyond printing to a console? I'm legitimately trying to think of a use case when we'd need C strings, but I'm blanking so maybe you are thinking of something I'm not. My thinking with #4 is that everything that took a C string before would take our new string type, so Cytoplasm would exclusively work with this custom time, and by extension, anything that uses Cytoplasm probably would too.
lda commented 2024-11-09 15:02:18 +00:00
Author
Contributor
Copy link

Why would we need to convert to a C string, beyond printing to a console?

A main thought may be having to deal with other C projects/libraries (which may not designed around Cytoplasm, or worse, may not even offer a way to take in any other format than a plain C-string)

> Why would we need to convert to a C string, beyond printing to a console? A main thought may be having to deal with *other* C projects/libraries (which may not designed around Cytoplasm, or worse, may not even offer a way to take in any other format than a plain C-string)
jordan commented 2024-11-09 15:17:58 +00:00
Owner
Copy link

Ah that's a good point. We can certainly have a function that produces a C string for when it's needed, but unfortunately I don't know if there's anything we can do if a NULL shows up in those strings.

Ah that's a good point. We can certainly have a function that produces a C string for when it's needed, but unfortunately I don't know if there's anything we can do if a `NULL` shows up in those strings.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v0.4.1
v0.4.0
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Telodendria/Cytoplasm#61
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?