Full Disclosure mailing list archives
Re: [inbox] Re: RE: Linux (in)security
From: Ted Unangst <tedu () stanford edu>
Date: Sun, 26 Oct 2003 16:29:56 -0800 (PST)
On Mon, 27 Oct 2003, Brett Hutley wrote:
char buf[10]; const char *str1 = "OVER"; const char *str2 = "FLOW!!!!!"; sprintf(buf, "%s%s", str1, str2); Admittedly a contrived example. The best way to handle this type of stuff is to provide "safe" functions - like a sprintfn() that takes the maximum size of the buffer to write into as an argument. This function is reasonably tricky to write however. Consider the following example:
erm, snprintf? the reasonably tricky to implement part is kinda true, there are/were many implementations which didn't do the right thing, but i think that's improved. -- "I am making this trip to Africa because Washington is an international city, just like Tokyo, Nigeria or Israel. As mayor, I am an international symbol. Can you deny that to Africa?" - M. Barry, Mayor of Washington, DC _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [inbox] Re: RE: Linux (in)security Glenn_Everhart (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 24)
- Re: [inbox] Re: RE: Linux (in)security Bill Royds (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Gregory A. Gilliss (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Valdis . Kletnieks (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Paul Schmehl (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Brett Hutley (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Ted Unangst (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Brett Hutley (Oct 26)
- Coding securely, was Linux (in)security Paul Schmehl (Oct 26)
- Re: Coding securely, was Linux (in)security coderman (Oct 26)
- Re: Coding securely, was Linux (in)security Brett Hutley (Oct 26)
- Re: Coding securely, was Linux (in)security Valdis . Kletnieks (Oct 26)
- Re: Coding securely, was Linux (in)security Brett Hutley (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Gregory A. Gilliss (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Bill Royds (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Bruce Ediger (Oct 26)
- Re: [inbox] Re: RE: Linux (in)security Stormwalker (Oct 27)
- Re: [inbox] Re: RE: Linux (in)security Bill Royds (Oct 27)