Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: kmartin () PIONEER-NET COM (K Martin)
Date: Sun, 16 Jan 2000 23:03:17 +0000
Brian Masney wrote:
]     char *a = something();
]     char *b = something_else();
]     int len = strlen(a) + strlen(b);
]     char *c = malloc(len + 1) || die("malloc");
]     (void) strcat(strcpy(c, a), b);

I'm partial to strncpy(); strcpy is a known hobgoblin to secure programming.

]
] BTW, what I ended up coding instead of that last line (as it grew
] way more complex) was equivalent to:
]
]     snprintf(c, len, "%s%s", a, b) > 0 || die "snprintf";

On some UNIX systems, snprintf does not guarantee that it will nul terminate the string. I know on some older versions of libc5 (sorry, don't have an exact version), if the buffer you were writing to got to the max size you passed it, it would stop there without adding the nul. So, you'll run into problems later on if you pass it to a string function (like strcpy()).

I would like to point out glib - it is available from ftp.gtk.org and its mirrors. It is mainly a utility function library, widely used in Gtk+ and GNOME, but it has nothing to do with GUI at all. Particularly interesting is its GString object (yes, object; OOP is possible in C). To quote the manual:

glib also has many other string functions as well, like g_snprintf(). snprintf() is a GNU extension, and it isn't implemented across all unix platforms.

Brian

Has anyone used GNU readline? I like it *a lot*, but I am not sure if it leaves you open to a heap overflow.

--
--------------------------------------------------
Karl Martin -- kmartin () pioneer-net com
"SYNTAX ERROR IN 9000" -- C64
"I'm afraid I can't allow that, Dave." -- Hal9000
--------------------------------------------------
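
The concerns raised in this message (the malloc() result, the size and termination behaviour of snprintf(), and strncpy() in place of strcpy()), worked through as an added example that is not part of the original post. The helper names concat_checked and copy_bounded are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a malloc'd "a" + "b", or NULL on any failure.
 * The caller frees the result. */
char *concat_checked(const char *a, const char *b)
{
    size_t la, lb, size;
    char *c;
    int n;

    if (a == NULL || b == NULL)
        return NULL;
    la = strlen(a);
    lb = strlen(b);
    if (lb > SIZE_MAX - 1 - la)       /* la + lb + 1 would wrap around */
        return NULL;
    size = la + lb + 1;               /* +1 for the terminating NUL */

    c = malloc(size);
    if (c == NULL)                    /* test the pointer itself */
        return NULL;

    /* Pass the full buffer size, not the string length. */
    n = snprintf(c, size, "%s%s", a, b);
    c[size - 1] = '\0';               /* terminate even if the libc did not */

    /* C99 returns the length that would have been written; some older
     * libcs return -1 on truncation. Anything but la + lb is an error. */
    if (n < 0 || (size_t)n != la + lb) {
        free(c);
        return NULL;
    }
    return c;
}

/* Hypothetical helper: strncpy() leaves dst unterminated when
 * strlen(src) >= dstsize, so terminate explicitly and report truncation.
 * Returns 0 on success, -1 if src did not fit. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) < dstsize ? 0 : -1;
}
```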