Full Disclosure mailing list archives

Re: C99 Security Alert-Old-New-Who-Cares :) - (:


From: Valdis.Kletnieks () vt edu
Date: Fri, 30 May 2003 11:41:38 -0400

On Fri, 30 May 2003 04:05:32 -0000, "democow ...." <democow8086 () hotmail com>  said:

char * strcpy(char * dest,const char *src)
{
        char *tmp = dest;

      [1]  while ((*dest++ = *src++) != '\0')
                /* nothing */;
        return tmp;
}

Kernighan & Ritchie, "The C Programming Language", had this in the first
edition - and correctly noted that this can be further optimized to:

             while (*dest++ = *src++);

eliminating a comparison to '\0'.  So not only is it insecure, but it's
inefficient, unless you have a *really* good optimizing compiler that can
tell that the comparison to null can be optimized away.  And yes, you
need a *good* optimizer that can see that comparing to a null byte is
a special case (for instance, you can't optimize   != '\n'  the same way).
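
Added example, not part of the original message or of the code quoted in it: the two loop forms discussed above side by side, plus a bounded variant that reports truncation. The function names, the `copy_bounded` contract and the sample string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Explicit form from the quoted post: compares each copied byte to '\0'. */
char *copy_explicit(char *dest, const char *src)
{
    char *tmp = dest;
    while ((*dest++ = *src++) != '\0')
        /* nothing */;
    return tmp;
}

/* Terse K&R form: the assigned byte itself is the loop condition. */
char *copy_terse(char *dest, const char *src)
{
    char *tmp = dest;
    while ((*dest++ = *src++))
        ;
    return tmp;
}

/* Hypothetical bounded variant (name and contract are assumptions): writes at
 * most dstsize bytes including the terminator and returns the source length,
 * so a return value >= dstsize signals truncation. */
size_t copy_bounded(char *dest, size_t dstsize, const char *src)
{
    size_t i = 0;
    if (dstsize != 0) {
        for (; i + 1 < dstsize && src[i] != '\0'; i++)
            dest[i] = src[i];
        dest[i] = '\0';
    }
    while (src[i] != '\0')      /* finish measuring the source */
        i++;
    return i;
}

int main(void)
{
    const char *sample = "0123456789";  /* constructed input, 10 chars */
    char a[16], b[16], small[8];
    copy_explicit(a, sample);           /* both fit: 11 bytes into 16 */
    copy_terse(b, sample);
    size_t need = copy_bounded(small, sizeof small, sample);
    printf("same=%d | %s | truncated=%d\n", strcmp(a, b) == 0, small, need >= sizeof small);
    return 0;
}
```

Neither of the first two functions knows the size of `dest`; only the caller can guarantee the copy fits, which is why the bounded form takes the size as a parameter.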


