Secure Coding mailing list archives
RE: New Microsoft Security Tool for developers
From: "Lewis, Todd" <todd.lewis () gs com>
Date: Fri, 12 Dec 2003 22:18:07 +0000
But in this case, without size information on str, strncpy is the right thing, no? I must confess that it looks fine to me...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Avner Peled
Sent: Friday, December 12, 2003 10:53 AM
To: [EMAIL PROTECTED]
Subject: Re: [SC-L] New Microsoft Security Tool for developers

I think he meant that strncpy is not the right function to use when dealing with raw buffers and it's better to use memcpy or the function mentioned in this paper:
http://www.courtesan.com/todd/papers/strlcpy.html

On Fri, 2003-12-12 at 17:10, Liudvikas Bukys wrote:

The Michael Howard MSDN article on the Windows Application Verifier closes with the following "little gem". I'm afraid that the answer does not leap out at me. Does anyone see through it?

http://msdn.microsoft.com/library/en-us/dncode/html/secure12112003.asp

-----
Okay, now to this little gem. What's wrong with this code? It's a code sample I saw recently on outlining a safe way to write buffer overrun-free code.

    void noOverflow(char *str)
    {
        char buffer[10];
        strncpy(buffer,str,(sizeof(buffer)-1));
        buffer[(sizeof(buffer)-1)]=0;
        /* Avoiding buffer flow with the above two lines */
    }
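
Added example, not part of the thread or of the MSDN article: the strncpy-plus-terminator pattern quoted above beside a copy with the strlcpy-style return value described in the linked paper, so the behavioural difference can be observed. The names strncpy_pattern, bounded_copy and copy_checked are hypothetical, and the code assumes src is a non-NULL, NUL-terminated string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pattern quoted in the thread, with the destination size passed in.
 * Assumption of this example: src is a non-NULL, NUL-terminated string.
 * strncpy writes exactly dstsize-1 bytes (zero-filling after a short src),
 * and the caller gets no signal when src was cut short. */
static void strncpy_pattern(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
}

/* strlcpy-style copy (hypothetical helper; strlcpy itself is not ISO C).
 * Copies at most dstsize-1 bytes, always terminates when dstsize > 0,
 * and returns strlen(src): a result >= dstsize means truncation. */
static size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Returns 1 when src fit completely, 0 when it had to be truncated. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    return bounded_copy(dst, dstsize, src) < dstsize;
}

int main(void)
{
    /* Constructed sample inputs: shorter than, exactly filling, and longer
     * than a 10-byte buffer. */
    const char *samples[] = { "short", "012345678", "0123456789ABCDEF" };
    char a[10], b[10];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        strncpy_pattern(a, sizeof a, samples[i]);
        int ok = copy_checked(b, sizeof b, samples[i]);
        printf("%-18s strncpy:\"%s\" bounded:\"%s\" %s\n",
               samples[i], a, b, ok ? "fits" : "TRUNCATED");
    }
    return 0;
}
```

Both routines stay inside the 10-byte buffer; only the second lets the caller reject or log input that did not fit.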