Secure Coding mailing list archives
Re: New Microsoft Security Tool for developers
From: Jeremy Thibeaux <jthibeaux () yahoo com>
Date: Fri, 12 Dec 2003 19:36:46 +0000
Perhaps it would be better to check for str == null. Jeremy Thibeaux Lucid Factory, inc. --- Liudvikas Bukys <[EMAIL PROTECTED]> wrote:
The Michael Howard MSDN article on the Windows Application Verifier closes with the following "little gem". I'm afraid that the answer does not leap out at me. Does anyone see through it?
http://msdn.microsoft.com/library/en-us/dncode/html/secure12112003.asp
----- Okay, now to this little gem. What's wrong with this code? It's a code sample I saw recently on outlining a safe way to write buffer overrun-free code. void noOverflow(char *str) { char buffer[10]; strncpy(buffer,str,(sizeof(buffer)-1)); buffer[(sizeof(buffer)-1)]=0; /* Avoiding buffer flow with the above two lines */ }
Current thread:
- New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Andreas Saurwein (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 09)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: New Microsoft Security Tool for developers Avner Peled (Dec 12)
- Re: New Microsoft Security Tool for developers Jeremy Thibeaux (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Jack D. Unrue (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 13)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: What's wrong with this code? Jared W. Robinson (Dec 12)
- RE: New Microsoft Security Tool for developers David Crocker (Dec 12)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- <Possible follow-ups>
- RE: New Microsoft Security Tool for developers Tegels, Kent (Dec 09)