Secure Coding mailing list archives
Re: New Microsoft Security Tool for developers
From: Steve Litt <slitt () troubleshooters com>
Date: Fri, 12 Dec 2003 19:41:21 +0000
On Friday 12 December 2003 10:10 am, Liudvikas Bukys wrote:
Okay, now to this little gem. What's wrong with this code? It's a code sample I saw recently on outlining a safe way to write buffer overrun-free code. void noOverflow(char *str) { char buffer[10]; strncpy(buffer,str,(sizeof(buffer)-1)); buffer[(sizeof(buffer)-1)]=0; /* Avoiding buffer flow with the above two lines */ }
If there's something wrong with it I'm in trouble, because I use the preceding algorithm frequently. I suppose if buffer was 0 length it would be a problem, but nobody's that dumb. SteveT Steve Litt Author: * Universal Troubleshooting Process courseware * Troubleshooting Techniques of the Successful Technologist * Rapid Learning: Secret Weapon of the Successful Technologist Webmaster * Troubleshooters.Com * http://www.troubleshooters.com (Legal Disclaimer) Follow these suggestions at your own risk.
Current thread:
- New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Andreas Saurwein (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 09)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: New Microsoft Security Tool for developers Avner Peled (Dec 12)
- Re: New Microsoft Security Tool for developers Jeremy Thibeaux (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Jack D. Unrue (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 13)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: What's wrong with this code? Jared W. Robinson (Dec 12)
- RE: New Microsoft Security Tool for developers David Crocker (Dec 12)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- <Possible follow-ups>
- RE: New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- RE: New Microsoft Security Tool for developers Lewis, Todd (Dec 12)