Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: marcow () JENA ENG SUN COM (Marco Walther)
Date: Fri, 14 Jan 2000 13:48:50 -0800
"BT" == Bennett Todd <bet () RAHUL NET> writes:
BT> For a specific case, is there any security hole directly implied by
BT> this C fragment, assuming attackers could control the contents of a
BT> and b?

BT> char *a = something();
BT> char *b = something_else();
BT> int len = strlen(a) + strlen(b);
BT> char *c = malloc(len + 1) || die("malloc");
BT> (void) strcat(strcpy(c, a), b);

I don't see any problems here;-)

BT> BTW, what I ended up coding instead of that last line (as it grew
BT> way more complex) was equivalent to:

BT> snprintf(c, len, "%s%s", a, b) > 0 || die "snprintf";

You're dead! Use (*a == '\0' && *b == '\0') and snprintf() returns `0'!!

Good luck;-)

-- Marco

BT> -Bennett
--
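The following is an added example, not code from Bennett Todd's or Marco Walther's messages. It replays the quoted snprintf() line on constructed inputs to show Marco's point (a return value of 0 when both strings are empty, which the `> 0` test treats as failure) and, under the C99 return-value semantics, the second consequence of passing `len` rather than `len + 1` as the size: every non-empty result loses its last character while the `> 0` test still passes. The function names, the `posted_outcome` enum and the sample strings are this example's own, not the thread's.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not code from the thread. Under C99, snprintf() returns
 * the number of characters that would have been written, not counting the
 * NUL: 0 is a legitimate success value, a negative value is an error, and a
 * value >= the size argument means the output was truncated. The thread
 * predates C99 being common; some older libc versions returned -1 on
 * truncation instead, so the exact numbers below assume a C99 libc.
 */

/* Outcome of the posted line: snprintf(c, len, "%s%s", a, b) > 0 || die */
enum posted_outcome {
    POSTED_OK = 0,               /* check passes and c holds a+b intact     */
    POSTED_DIES = 1,             /* check fails: die("snprintf") is called  */
    POSTED_PASSES_TRUNCATED = 2  /* check passes but c was cut short        */
};

/* Replays the quoted snprintf() line: a buffer of len+1 bytes (as in the
 * malloc() line), but a size argument of `len`, as posted. Returns which
 * of the outcomes above the `> 0` test produces for these inputs. */
enum posted_outcome posted_check_outcome(const char *a, const char *b)
{
    size_t len = strlen(a) + strlen(b);
    char *c = malloc(len + 1);
    if (c == NULL)
        return POSTED_DIES;      /* the posted malloc() check dies here too */
    int n = snprintf(c, len, "%s%s", a, b);
    int dies = !(n > 0);         /* the test exactly as posted */
    /* C99: a negative value is an error; n >= size means the output did
     * not fit and was truncated (a NUL still terminates c when size > 0). */
    int truncated = (n < 0 || (size_t)n >= len);
    free(c);
    if (dies)
        return POSTED_DIES;
    return truncated ? POSTED_PASSES_TRUNCATED : POSTED_OK;
}

/* Corrected version: the size argument matches the len+1 allocation, and
 * the return value is checked for error (< 0) and truncation (>= size)
 * instead of for > 0. Returns a malloc()ed string the caller frees, or
 * NULL on allocation failure or an snprintf() error. */
char *concat_checked(const char *a, const char *b)
{
    size_t len = strlen(a) + strlen(b);
    char *c = malloc(len + 1);
    if (c == NULL)
        return NULL;
    int n = snprintf(c, len + 1, "%s%s", a, b);
    if (n < 0 || (size_t)n >= len + 1) {
        free(c);
        return NULL;
    }
    return c;   /* n == 0 here when both inputs are empty, and c is "" */
}

/* Helper for checking results: 1 if concat_checked(a, b) yields exactly
 * `expected`, 0 otherwise. */
int concat_matches(const char *a, const char *b, const char *expected)
{
    char *s = concat_checked(a, b);
    int ok = (s != NULL && strcmp(s, expected) == 0);
    free(s);
    return ok;
}

int main(void)
{
    /* Constructed sample inputs, including the both-empty case Marco names. */
    const char *cases[][2] = { {"", ""}, {"abc", ""}, {"abc", "def"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const char *a = cases[i][0], *b = cases[i][1];
        char *s = concat_checked(a, b);
        printf("a=\"%s\" b=\"%s\": posted line -> outcome %d, corrected -> \"%s\"\n",
               a, b, (int)posted_check_outcome(a, b), s ? s : "(failed)");
        free(s);
    }
    return 0;
}
```

Compile with `cc -std=c99 -Wall`. With these inputs the posted line never reaches `POSTED_OK`: the empty case dies, and any non-empty case passes the `> 0` test with the last character dropped, because the output is always exactly `len` characters and `len` bytes cannot hold them plus the NUL.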
Current thread:
- Administrivia #4883 Blue Boar (Jan 13)
- Re: Administrivia #4883 Marc (Jan 13)
- Re: Administrivia #4883 Travis Siegel (Jan 13)
- [Fwd: Administrivia #4883] Blue Boar (Jan 13)
- Firewall-1 Logging *Issue* Mike Frantzen (Jan 13)
- Re: Firewall-1 Logging *Issue* Blue Boar (Jan 13)
- Re: Administrivia #4883 nascheme () ENME UCALGARY CA (Jan 14)
- Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) Liviu Daia (Jan 14)
- Re: Secure coding in C (was Re: Administrivia #4883) spin0ff (Jan 16)
- ICQ >= 99* + CC Data (Was: Re: Administrivia #4883) Ken Williams (Jan 16)
- Re: ICQ >= 99* + CC Data Vanja Hrustic (Jan 16)
- Re: Secure coding in C (was Re: Administrivia #4883) Liviu Daia (Jan 16)
- Re: Secure coding in C (was Re: Administrivia #4883) Valery Dachev (Jan 17)
- Secure coding in C (was Re: Administrivia #4883) Bennett Todd (Jan 14)
- Re: Administrivia #4883 Marc (Jan 13)
- Netdetect.exe with backdoor? (ICQ) WolF Knox (Jan 15)
- Re: Netdetect.exe with backdoor? (ICQ) Brad Griffin (Jan 15)
- Re: Secure coding in C (was Re: Administrivia #4883) Iván Arce (Jan 14)