Secure Coding mailing list archives

Re: New Microsoft Security Tool for developers

From: Steve Litt <slitt () troubleshooters com>
Date: Sat, 13 Dec 2003 04:10:22 +0000

Oh Oh, what about this:

if(noOverflow("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0")) {
  printf("No overflow unless the 10th char of the string was \\0\n");
}

SteveT

bool noOverflow(char *str)
{
     char buffer[10];

     if( str == NULL )
     {
         /* We should never have a NULL string */
          assert( false );
          return false;
     }

     /* Lets prep our buffer to check for an overflow. Lets nullify the end
char first */
     buffer[sizeof(buffer)-1] = '\0';

    /* Lets copy the string in, max of buffer size */
    strncpy( buffer, str, sizeof(buffer) );

    /* Now lets check if the null at the end of the buffer has been
trampled */
    if( buffer[sizeof(buffer)-1] != '\0' )
    {
          /* We know of an unsafe string. This has overflowed! */
          return false;
     }

     /* Avoiding buffer flow with the above two lines */
     return true;
}

Current thread:

New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- Message not available
  - Re: New Microsoft Security Tool for developers Andreas Saurwein (Dec 09)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 09)
  - Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
    - Re: New Microsoft Security Tool for developers Avner Peled (Dec 12)
    - Re: New Microsoft Security Tool for developers Jeremy Thibeaux (Dec 12)
    - Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
    - Re: New Microsoft Security Tool for developers Dana Epp (Dec 12)
    - Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
    - Re: New Microsoft Security Tool for developers Jack D. Unrue (Dec 12)
    - Re: New Microsoft Security Tool for developers Dana Epp (Dec 13)
    - Re: What's wrong with this code? Jared W. Robinson (Dec 12)
    - RE: New Microsoft Security Tool for developers David Crocker (Dec 12)
    - Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
    - Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- <Possible follow-ups>
- RE: New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- RE: New Microsoft Security Tool for developers Lewis, Todd (Dec 12)
- RE: New Microsoft Security Tool for developers Chris Richards (Dec 12)
  - Re: New Microsoft Security Tool for developers der Mouse (Dec 13)

(Thread continues...)