Secure Coding mailing list archives
Re: New Microsoft Security Tool for developers
From: Crispin Cowan <crispin () immunix com>
Date: Tue, 16 Dec 2003 01:04:01 +0000
Dana Epp wrote: It will copy UP TO len bytes from src to the dest. If the length of src is only 4 bytes, it will only copy 4 bytes to dest, and nullify the rest of the buffer of dest. As such, there is no information disclosure issues with this call as you describe the threat. I cannot find supporting documentation for the claim "and nullify the rest of the buffer of dest". IIRC, strncpy will copy a null byte from src to dst, but it does not nullify the rest of dst. Furthermore, the null byte is copied from src to dst IFF there is room for it. This is one of subtle "gotchas" of strncpy: if the string in src is exactly the length of the n parameter, then strncpy is perfectly happy to copy the text and *not* null-terminate it. This *can* leave you with an information leakage situation, in that subsequent attempts to puts or printf that string will dump the bytes past the end of dst until they hit a null. This semantics is screwed up. It is also defined standard. Thus leading to long flame wars about whether 'tis nobler in the mind to suffer the slings and arrows of crappy APIs, or to take up better APIs against a sea of standards documents, and by opposing, end them [Hamlet, sort of :] Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com Immunix 7.3 http://www.immunix.com/shop/
Current thread:
- Re: New Microsoft Security Tool for developers, (continued)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- RE: New Microsoft Security Tool for developers Tegels, Kent (Dec 09)
- RE: New Microsoft Security Tool for developers Lewis, Todd (Dec 12)
- RE: New Microsoft Security Tool for developers Chris Richards (Dec 12)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 13)
- RE: New Microsoft Security Tool for developers Gene Spafford (Dec 13)
- Re: New Microsoft Security Tool for developers Mark Graff (Dec 13)
- RE: New Microsoft Security Tool for developers Jannie Hanekom (Dec 14)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 15)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 15)
- Re: New Microsoft Security Tool for developers Crispin Cowan (Dec 15)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 15)
- RE: New Microsoft Security Tool for developers Örjan Petersson (Dec 16)
- strncpy (was: Re: New Microsoft Security Tool for developers) David A. Wheeler (Dec 16)
- Re: strncpy (was: Re: New Microsoft Security Tool for developers) Florian Weimer (Dec 17)
- Re: New Microsoft Security Tool for developers Dave Aronson (Dec 15)
- Re: New Microsoft Security Tool for developers Gene Spafford (Dec 17)
- Re: New Microsoft Security Tool for developers Mikey (Dec 17)