RE: Off topic programming thread

["Schmehl, Paul L" <pauls () utdallas edu>]

> -----Original Message-----
> From: Brett Hutley [mailto:brett () hutley net] 
> Sent: Wednesday, October 29, 2003 12:13 AM
> To: Bill Royds
> Cc: madsaxon; full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Off topic programming thread
>
> I think what you're really saying is that C allows 
> programmers to make 
> mistakes when dealing with areas of memory. The above 
> vulnerability is 
> based on a mistake in the code.
> (If I was to code the above prototype BTW, I'd probably make it more 
> like "static void defang(const char *str, char *dfstr, 
> unsigned dfsize)" 
> to indicate to programmers calling the function that the first 
> argument's contents is immutable, the second argument is the 
> destination 
> buffer, and the size shouldn't be negative).
Yes!  This is precisely what I am talking about.

If programmers wrote code like this, then they'd be perfectly justified,
for example, to simply return an error if dfsize was negative.  After
all, you were warned. :-)  It would be trivial to check for proper input
there and simply return an error if it's wrong.

So why isn't this the norm rather than the exception?  Or is it the
norm?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html