RE: Any reason not to use strcpy, strcat or scanf?

["David Gillett" <gillettdavid () fhda edu>]

  These functions rely on a null byte as terminator of the source, so
it can be of arbitrary length.  Ensuring that it will actually fit in
the destination buffer is performed elsewhere, IF at all.  The variants 
which allow a maximum length to be specified guarantee that an excessive
input elsewhere will AT LEAST not be propagated.

Dave Gillett


> -----Original Message-----
> From: A.V. [mailto:pahalial.lists () gmail com]
> Sent: Wednesday, July 14, 2004 4:00 AM
> To: Secbasics
> Subject: Any reason not to use strcpy, strcat or scanf?
>
>
> Hi,
>
> I was simply wondering after seeing the "blackhat audit" program sent
> to F-D whether there was actually any reason not to use these
> functions (strcpy/strcat/scanf) in your code. I mean, I understand why
> you shouldn't use scanf to i.e. process user input, but other than
> that? Some kind of unexpected behaviour or something?
>
> Thanks,
> A.V.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------