Secure Coding mailing list archives

Re: New Microsoft Security Tool for developers


From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Sat, 13 Dec 2003 16:13:14 +0000

#include <string.h>

void noOverflow(char *str)
{
char buffer[10];
strncpy(buffer,str,(sizeof(buffer)-1));
buffer[(sizeof(buffer)-1)]=0;
/* Avoiding buffer overflow with the above two lines */
}

[...]  For example, wouldn't the following achieve the desired effect
of sanitizing str?

if(NULL != str)
      str[9] = '\0';

No; the semantics are very different - your way modifies the string
pointed to by the argument, whereas the code as quoted makes a copy of
the first up-to-9 chars and never affects the argument.  (Worse, if the
argument string is shorter than 9 characters, your code drops a '\0'
somewhere beyond its end.)

To return to the "what is noOverflow's interface spec?" point I made in
a previous message, any or all of these could be correct, if - if! -
they are what noOverflow is intended and documented to do.  We simply
are not given enough information to tell whether there are any bugs.

In addition, using the character constant '\0' instead of the literal
number 0 allows us to be character set independent (not that I've
ever seen a character set that didn't use 0 for the null character).

If there is any difference between them with respect to character set
independence, the language in question is not C; '\0' is defined to be
semantically identical to 0 in C - each is an integer constant with
value 0.  Any difference between them is entirely in the mind of the
writer or reader.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
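The two behaviours contrasted in the message above, as an added example that is not part of the original post: the quoted bounded-copy approach leaves the argument untouched, while the in-place `str[9] = '\0'` variant rewrites the caller's string and, for arguments shorter than 9 characters, would store past the end of the object. The in-place variant is guarded here with an explicit object-size check so the demo itself never writes out of bounds; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* The approach quoted in the thread: bounded copy of src into a caller-supplied
 * buffer, then an explicit terminator.  The source string is never written to.
 * Returns the number of characters kept (at most dstsz - 1). */
size_t copy_truncated(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0) return 0;
    strncpy(dst, src, dstsz - 1);   /* copies at most dstsz-1 bytes, zero-pads */
    dst[dstsz - 1] = '\0';          /* strncpy does not terminate when src is too long */
    return strlen(dst);
}

/* The proposed alternative, str[9] = '\0', guarded so this demo never writes
 * out of bounds.  str_size is the size of the object str points into (e.g. the
 * sizeof of the caller's array).  Returns 1 if the store was performed, 0 if
 * str is NULL or index 9 lies beyond the object, which is the case der Mouse
 * describes for arguments shorter than 9 characters. */
int truncate_in_place(char *str, size_t str_size)
{
    if (str == NULL || str_size <= 9)
        return 0;
    str[9] = '\0';                  /* modifies the caller's string */
    return 1;
}

int main(void)
{
    char longstr[] = "abcdefghijklmnopqrst";   /* constructed sample: 20 chars */
    char shortstr[] = "hi";                    /* constructed sample: object size 3 */
    char buf[10];

    copy_truncated(buf, sizeof buf, longstr);
    printf("copy:     buf=\"%s\", argument still \"%s\"\n", buf, longstr);

    truncate_in_place(longstr, sizeof longstr);
    printf("in place: argument now \"%s\"\n", longstr);

    if (!truncate_in_place(shortstr, sizeof shortstr))
        printf("in place on \"%s\": str[9] is %zu bytes past the end of the object\n",
               shortstr, (size_t)10 - sizeof shortstr);
    return 0;
}
```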