Vulnerability Development mailing list archives

Re: Secure coding in C (was Re: Administrivia #4883)


From: kmartin () PIONEER-NET COM (K Martin)
Date: Mon, 17 Jan 2000 12:13:01 +0000


Paul Cardon wrote:

K Martin wrote:

]     char *a = something();
]     char *b = something_else();
]     int len = strlen(a) + strlen(b);
]     char *c = malloc(len + 1) || die("malloc");
]     (void) strcat(strcpy(c, a), b);

I'm partial to strncpy(); strcpy is a known hobgoblin to secure programming.

Too many people blindly accept the idea of "strcpy bad ... strncpy good ...".


Uh yeah. I'm being misunderstood. My fault. Mr. Bennet's original example did
not give me any indication as to the exact nature of something() and
something_else(). They could have allocated heap memory (in which case they
needed to be checked for bad return values), for all I could tell.

They are both fine when used correctly and both bad when used incorrectly.  The
problems are that there are subtleties in the interfaces (design
inconsistencies) that lead to common unsafe usage and too many coders who do not
take the time to read and understand the documentation where those gotchas are
evident (laziness).  There are also common mistakes in attempts to use strcpy
and strncpy safely by people who *have* read the documentation.


Sir, that covers a lot of ground when you're trying to write _portable_ code,
assuming the documentation exists for every target platform.

When you throw portability into the fray, then you have to hardcode any and all
bounds checking into your code.

There is no way for a programmer to know where his/her code is going to be a few
years down the road. I only write code for systems I have access to. I can only
read documentation I have access to (and that exists). I also have to stay
within POSIX specs.

In itself, the fact that I am a human being positively guarantees that something
will go wrong.

--
--------------------------------------------------
Karl Martin --  kmartin () pioneer-net com
"SYNTAX ERROR IN 9000" -- C64
"I'm afraid I can't allow that, Dave." -- Hal9000
--------------------------------------------------
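As an added example (not code from the thread or from any of its authors), the strncpy() gotcha Paul Cardon alludes to is shown beside the explicit, hand-written bounds checks Karl argues portable code has to carry; the function names and the 8-byte buffer are my own assumptions:

```c
#include <stdio.h>
#include <string.h>
/* strncpy() does not NUL-terminate when the source is at least n bytes
 * long: the documented gotcha the discussion refers to. Returns 1 if dst
 * ended up terminated. (Added example, not from the thread.) */
int strncpy_terminates(const char *src, char *dst, size_t n)
{
    memset(dst, 'X', n);            /* poison so a missing NUL is visible */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Bounded copy that always terminates and reports truncation: the explicit
 * bounds checking the post says portable code has to carry itself.
 * Returns strlen(src); a result >= dstsize means the copy was truncated. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    size_t n;
    if (dstsize == 0)
        return srclen;
    n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Concatenate a and b into dst, refusing (return 0) instead of truncating
 * when the result would not fit: the strlen(a) + strlen(b) check from the
 * quoted snippet, written so the arithmetic cannot overflow. */
int bounded_concat(char *dst, size_t dstsize, const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    if (dstsize == 0 || la > dstsize - 1 || lb > dstsize - 1 - la)
        return 0;
    memcpy(dst, a, la);
    memcpy(dst + la, b, lb + 1);    /* copies b's terminator as well */
    return 1;
}

int main(void)
{
    char buf[8];
    printf("8-byte source into 8-byte buffer terminated? %d\n",
           strncpy_terminates("12345678", buf, sizeof buf));
    printf("bounded_copy truncated? %d, buf=\"%s\"\n",
           bounded_copy(buf, sizeof buf, "hello, world") >= sizeof buf, buf);
    printf("concat rejected? %d\n", !bounded_concat(buf, sizeof buf, "abcd", "defg"));
    return 0;
}
```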
