Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Microsoft Security Tool for developers

From: Steve Litt <slitt () troubleshooters com>
Date: Fri, 12 Dec 2003 19:41:21 +0000
On Friday 12 December 2003 10:10 am, Liudvikas Bukys wrote:



Okay, now to this little gem. What's wrong with this code? It's a code
sample I saw recently on outlining a safe way to write buffer overrun-free
code.

void noOverflow(char *str)
{
char buffer[10];
strncpy(buffer,str,(sizeof(buffer)-1));
buffer[(sizeof(buffer)-1)]=0;
/* Avoiding buffer flow with the above two lines */
}


If there's something wrong with it I'm in trouble, because I use the preceding 
algorithm frequently. I suppose if buffer was 0 length it would be a problem, 
but nobody's that dumb.

SteveT

Steve Litt
Author: 
   * Universal Troubleshooting Process courseware
   * Troubleshooting Techniques of the Successful Technologist
   * Rapid Learning: Secret Weapon of the Successful Technologist
Webmaster
   * Troubleshooters.Com
   * http://www.troubleshooters.com

(Legal Disclaimer) Follow these suggestions at your own risk.
Previous By Date Next
Previous By Thread Next

Current thread: