Secure Coding mailing list archives
Re: New Microsoft Security Tool for developers
From: Steve Litt <slitt () troubleshooters com>
Date: Sat, 13 Dec 2003 04:10:22 +0000
Oh Oh, what about this: if(noOverflow("\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0")) { printf("No overflow unless the 10th char of the string was \\0\n"); } SteveT
bool noOverflow(char *str) { char buffer[10]; if( str == NULL ) { /* We should never have a NULL string */ assert( false ); return false; } /* Lets prep our buffer to check for an overflow. Lets nullify the end char first */ buffer[sizeof(buffer)-1] = '\0'; /* Lets copy the string in, max of buffer size */ strncpy( buffer, str, sizeof(buffer) ); /* Now lets check if the null at the end of the buffer has been trampled */ if( buffer[sizeof(buffer)-1] != '\0' ) { /* We know of an unsafe string. This has overflowed! */ return false; } /* Avoiding buffer flow with the above two lines */ return true; }
Current thread:
- New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Andreas Saurwein (Dec 09)
- Message not available
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 09)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: New Microsoft Security Tool for developers Avner Peled (Dec 12)
- Re: New Microsoft Security Tool for developers Jeremy Thibeaux (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 12)
- Re: New Microsoft Security Tool for developers Steve Litt (Dec 12)
- Re: New Microsoft Security Tool for developers Jack D. Unrue (Dec 12)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 13)
- Re: New Microsoft Security Tool for developers Liudvikas Bukys (Dec 12)
- Re: What's wrong with this code? Jared W. Robinson (Dec 12)
- RE: New Microsoft Security Tool for developers David Crocker (Dec 12)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- <Possible follow-ups>
- RE: New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- RE: New Microsoft Security Tool for developers Lewis, Todd (Dec 12)
- RE: New Microsoft Security Tool for developers Chris Richards (Dec 12)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)