You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When a C string which is not valid UTF8 is used, -[NSString stringWithUTF8String:] returns nil. When attempting to add a nil object to an NSMutableArray, it throws an exception. This exception is not caught, which means the network extension crashes.
After the network extension crashes, internet access is unfiltered for a short time while it restarts. This makes it possible for malware to bypass LuLu by making it crash and then quickly accessing the network.
I recommend fixing this by either ignoring arguments that are invalid UTF8, or using NSData for storing arguments.
The text was updated successfully, but these errors were encountered:
Process arguments on macOS do not have a defined or enforced encoding. UTF8 is common, but nothing prevents a process from using something non-UTF8.
LuLu (and I suspect some other Objective-See tools too) assumes arguments are UTF8:
LuLu/LuLu/Extension/Process.m
Lines 474 to 478 in aafab24
When a C string which is not valid UTF8 is used,
-[NSString stringWithUTF8String:]
returnsnil
. When attempting to add anil
object to anNSMutableArray
, it throws an exception. This exception is not caught, which means the network extension crashes.After the network extension crashes, internet access is unfiltered for a short time while it restarts. This makes it possible for malware to bypass LuLu by making it crash and then quickly accessing the network.
I recommend fixing this by either ignoring arguments that are invalid UTF8, or using
NSData
for storing arguments.The text was updated successfully, but these errors were encountered: