RE: New Microsoft Security Tool for developers

["Jannie Hanekom" <jannie.hanekom () opendev net>]

I've been following this more as an enthusiast than a professional
developer, but isn't there potential for information leakage with that
code?  It always copies 9 bytes of data, regardless of the length of
str, meaning it can potentially place information in buffer that wasn't
in str in the first place.

Jannie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Avner Peled
Sent: Friday, December 12, 2003 10:53 AM
To: [EMAIL PROTECTED]
Subject: Re: [SC-L] New Microsoft Security Tool for developers


I think he meant that strncpy is not the right function to use when
dealing with raw buffers and it's better to use memcpy or the function
mentioned in this paper:
http://www.courtesan.com/todd/papers/strlcpy.html

On Fri, 2003-12-12 at 17:10, Liudvikas Bukys wrote:

> The Michael Howard MSDN article on the Windows Application Verifier 
> closes with the following "little gem".  I'm afraid that the answer 
> does not leap out at me.  Does anyone see through it?
>
> http://msdn.microsoft.com/library/en-us/dncode/html/secure12112003.asp
>
> -----
>
> Okay, now to this little gem. What's wrong with this code? It's a code
sample I saw recently on outlining a safe way to write buffer
overrun-free code.
> void noOverflow(char *str)
> {
> char buffer[10];
> strncpy(buffer,str,(sizeof(buffer)-1));
> buffer[(sizeof(buffer)-1)]=0;
> /* Avoiding buffer flow with the above two lines */
> }