Bugtraq mailing list archives

Re: NCSA httpd 1.3


From: Dan_Thorson () notes seagate com (Dan Thorson )
Date: 24 Feb 95 8:31:02 EDT


I've been thinking about many of the latest security holes, specifically those 
having to do with overrunning char strings.  We know one rule:
    Never use sprintf(dest, fmt, ...), strcpy(dest, src), etc, as they do no
    checking on the max length of "dest"
However, perhaps another rule:
    Avoid using strncat(dest, src, n) or strncpy(dest, src, n), etc, as they
    _also_ do no checking on the max length of "dest", although 'n' can be
    properly calculated & make them safe.

Perhaps, instead, it's time to write a new series of string manipulators....
ones that do the following:
1)  Behave similarly to the existing functions (like sprintf(), strncat(),
    strncpy(), but take an additional argument "destlen", which is (of course)
    the max length of the destination string.
2)  Do the string-function, but if the "dest" string will be overrun, return an
    error code AND post to the syslog function.

I could see a couple of advantages.
o) We could "grep" all our mission-critical code for the "offensive" functions,
   and replace them.
o) If anything shows up in the syslog(), it'd be due to either malicious
   behavior, or bad coding, either of which I know _I'd_ want to know about.

This doesn't seem like it'd be too hard.  Anybody got the time?  I'd think anyone
writing code that'll live where badguys live would want to take the time.  ANY
suid program should use them.

My opinion.  Nobody else wants it.

Dan Thorson (DT35)
(612) 844-5738
dan_thorson () notes seagate com                        postmaster () seagate com
thorson () mr net                                       
postmaster () notes seagate com
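The destlen-taking helpers sketched in the post, as an added example that is not part of the original message: each takes the capacity of "dest", refuses to overrun it, returns an error code and logs the event to syslog. The names bstrcpy/bstrcat/bsprintf and the return codes are assumptions made here.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

enum { BSTR_OK = 0, BSTR_OVERFLOW = -1 };  /* hypothetical return codes */

/* Bounded strcat: dest holds destlen bytes including the NUL. Refuses (dest
 * unchanged, event logged) if dest is unterminated or src would overrun it. */
int bstrcat(char *dest, size_t destlen, const char *src)
{
    const char *end = memchr(dest, '\0', destlen);
    size_t used, need = strlen(src) + 1;
    if (end == NULL) {
        syslog(LOG_WARNING, "bstrcat: dest not terminated in %zu bytes", destlen);
        return BSTR_OVERFLOW;
    }
    used = (size_t)(end - dest);
    if (need > destlen - used) {
        syslog(LOG_WARNING, "bstrcat: need %zu bytes, dest holds %zu", used + need, destlen);
        return BSTR_OVERFLOW;
    }
    memcpy(dest + used, src, need);
    return BSTR_OK;
}

/* Bounded strcpy: same contract; on failure dest is "" rather than truncated. */
int bstrcpy(char *dest, size_t destlen, const char *src)
{
    if (destlen == 0) return BSTR_OVERFLOW;
    dest[0] = '\0';
    return bstrcat(dest, destlen, src);
}

/* Bounded sprintf: on truncation dest becomes "" and the event is logged. */
int bsprintf(char *dest, size_t destlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dest, destlen, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= destlen) {
        if (destlen) dest[0] = '\0';
        syslog(LOG_WARNING, "bsprintf: result (%d chars) does not fit %zu-byte dest", n, destlen);
        return BSTR_OVERFLOW;
    }
    return BSTR_OK;
}
```

A grep for sprintf/strcpy/strcat in a setuid program can then be replaced mechanically with these, and any line in the syslog from them points at either hostile input or a caller that miscalculated its buffer.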
