Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: paul () MOQUIJO COM (Paul Cardon)
Date: Mon, 17 Jan 2000 00:16:31 -0500
K Martin wrote:
] char *a = something();
] char *b = something_else();
] int len = strlen(a) + strlen(b);
] char *c = malloc(len + 1) || die("malloc");
] (void) strcat(strcpy(c, a), b);

I'm partial to strncpy(); strcpy is a known hobgoblin to secure programming.
Too many people blindly accept the idea of "strcpy bad ... strncpy good ...". They are both fine when used correctly and both bad when used incorrectly. The problems are that there are subtleties in the interfaces (design inconsistencies) that lead to common unsafe usage and too many coders who do not take the time to read and understand the documentation where those gotchas are evident (laziness). There are also common mistakes in attempts to use strcpy and strncpy safely by people who *have* read the documentation.

Todd Miller and Theo de Raadt of The OpenBSD Project have developed a potential solution presented during the Freenix track of the 1999 Usenix Technical Conference called "strlcpy and strlcat--Consistent, Safe, String Copy and Concatenation". The PostScript paper and slides are at

http://www.openbsd.org/papers/strlcpy-paper.ps
http://www.openbsd.org/papers/strlcpy-slides.ps

while HTML and PDF versions are available to Usenix members at

http://www.usenix.org/publications/library/proceedings/usenix99/millert.html

The source code and documentation are at

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string/

in the files strlcat.c, strlcpy.c and strlcpy.3.

Hopefully the OpenBSD implementation will undergo additional scrutiny and gain wider usage. Any new code should consider using it. Just remember that retrofitting old code must be done carefully to avoid introducing other bugs.

-paul
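The following is an added example, not code from the post, the thread or the OpenBSD sources: a portable implementation of the strlcpy/strlcat interface that the post points to, following the contract documented in the OpenBSD man page (always NUL-terminate when size > 0; return the length the full result would have had, so a return value >= size means truncation). Beside it sits the strncpy gotcha the post alludes to (a source of size or more bytes leaves the destination unterminated) and a bounded version of the quoted strcpy/strcat concatenation. The my_, demo_ and join_bounded names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Own implementation of the strlcpy contract (not the OpenBSD source):
 * copy at most size-1 bytes, always NUL-terminate when size > 0, and
 * return strlen(src) so the caller can detect truncation (ret >= size). */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Own implementation of the strlcat contract: append src to dst within
 * size bytes total, always terminate, and return the length the full
 * concatenation would have had (ret >= size means truncation). */
size_t my_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    /* Locate dst's terminator without reading past size bytes. */
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    size_t srclen = strlen(src);
    if (dstlen == size)
        return size + srclen;      /* dst was not terminated: append nothing */
    size_t room = size - dstlen - 1;
    size_t n = srclen < room ? srclen : room;
    memcpy(dst + dstlen, src, n);
    dst[dstlen + n] = '\0';
    return dstlen + srclen;
}

/* The strncpy gotcha: when src has 16 or more bytes, strncpy(buf, src, 16)
 * fills buf completely and writes no terminating NUL. Returns 1 if the copy
 * into a 16-byte buffer ended up NUL-terminated, 0 if it did not. */
int strncpy_leaves_terminator(const char *src)
{
    char buf[16];
    memset(buf, 'X', sizeof buf);          /* make a missing NUL visible */
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* The quoted strcat(strcpy(c, a), b) pattern, bounded: returns 0 if a+b fit
 * entirely in dst (size bytes), -1 if the result was truncated. dst is
 * NUL-terminated in both cases, so a caller can still use it safely. */
int join_bounded(char *dst, size_t size, const char *a, const char *b)
{
    if (my_strlcpy(dst, a, size) >= size)
        return -1;
    if (my_strlcat(dst, b, size) >= size)
        return -1;
    return 0;
}

/* Helpers over a shared 8-byte buffer so results can be inspected. */
static char demo[8];

int demo_join(const char *a, const char *b)
{
    return join_bounded(demo, sizeof demo, a, b);
}

const char *demo_result(void)
{
    return demo;
}

int main(void)
{
    printf("strncpy, 2-byte src terminated:  %d\n", strncpy_leaves_terminator("hi"));
    printf("strncpy, 16-byte src terminated: %d\n",
           strncpy_leaves_terminator("0123456789abcdef"));
    int rc = demo_join("foo", "bar");
    printf("join foo+bar:    rc=%d -> \"%s\"\n", rc, demo_result());
    rc = demo_join("foo", "barbaz");
    printf("join foo+barbaz: rc=%d -> \"%s\"\n", rc, demo_result());
    return 0;
}
```

The design point is the one the paper makes: both functions take the total size of the destination, both always terminate, and both return a value the caller can compare against that size, so truncation is a checked condition rather than a silent one. Note that strlen(src) is evaluated in full, so src itself must be a terminated string.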