Re: Secure coding in C (was Re: Administrivia #4883)

[kmartin () PIONEER-NET COM (K Martin)]

Brian Masney wrote:
> > ]     char *a = something();
> > ]     char *b = something_else();
> > ]     int len = strlen(a) + strlen(b);
> > ]     char *c = malloc(len + 1) || die("malloc");
> > ]     (void) strcat(strcpy(c, a), b);

I'm partial to strncpy(); strcpy is a known hobgoblin to secure programming.

> > ]
> > ] BTW, what I ended up coding instead of that last line (as it grew
> > ] way more complex) was equivalent to:
> > ]
> > ]     snprintf(c, len, "%s%s", a, b) > 0 || die "snprintf";
>
> On some UNIX systems, snprintf does not guarentee that it will nul
> terminate the string. I know on some older versions of libc5 (sorry,
> don't have an exact version), if the buffer you was writing to got to the
> max size you passed it, it would stop there without adding the nul. So,
> you'll run into problems later on if you pass it to a string
> function (like strcpy())
>
> > I would like to point out glib - it si available from ftp.gtk.org and its
> > mirrors. It is mainly a utility function library, widely used in Gtk+ and
> > GNOME, but it has nothing to do with GUI at all. Particularly interesting
> > is its GString object (yes, object; OOP is possible in C). To quote the
> > manual:
>
> glib also has many other string functions as well, like g_snprintf().
> snprintf() is a GNU extension, and it isn't implemented across all unix
> platforms.
>
> Brian

Has anyone used GNU readline? I like it *alot*, but I am not sure if it
leaves you open to a heap overflow.

--
--------------------------------------------------
Karl Martin --  kmartin () pioneer-net com
"SYNTAX ERROR IN 9000" -- C64
"I'm afraid I can't allow that, Dave." -- Hal9000
--------------------------------------------------