Vulnerability Development mailing list archives

Re: Secure coding in C (was Re: Administrivia #4883)


From: bet () RAHUL NET (Bennett Todd)
Date: Mon, 17 Jan 2000 11:18:23 -0500


2000-01-17-07:13:01 K Martin:
> I'm being misunderstood. My fault.

Actually, I think I own more of the fault here.

> Mr. Bennett's original example did not give me any indication as
> to the exact nature of something() and something_else().

That's true.

As it turns out, my actual code did in fact deserve some more
checking, which it has gotten from this review, but I did you all
a disservice by trying to make it generic before posting it. I saw
someone implying that a program must have exploitable
buffer-overflow bugs just because it used strcpy and strcat, and
thought I disagreed; I tried to provide an illustration of how they
could be used safely, and ended up making the implicit assumption
that the data being provided passed some reasonable sanity checks
(valid pointers to valid C strings, and the sum of their length able
to fit within size_t).

I think it has been a valuable discussion even if it has been more
abstract than usual; these misunderstandings seem to be illustrating
different ways that different people look at a problem, and they
have shed light on a lot of dark corners.

I've not yet come to a real conclusion of how I should organize my
code to deal with these problems. I may just hoist all string
processing up into Lua, since I was going to be using that as a
config language for the LDA anyway; that would solve all these
problems.

When I have something that compiles and does something useful, I'll
certainly make a point of announcing it on this list!

-Bennett
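The preconditions the message relies on (valid pointers to NUL-terminated strings, and a combined length that still fits in size_t) are easy to state and easy to get wrong in the arithmetic. The following is an added example, not Bennett's code or the LDA's, showing the two shapes the check takes: allocating a destination sized from the measured lengths, and writing into a caller-supplied fixed buffer, which is where strcpy/strcat overflows actually happen. The function names join_checked and join_into are chosen here for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Concatenate a and b into a freshly malloc'd buffer using strcpy/strcat.
 * Returns NULL if a pointer is NULL, if la + lb + 1 would wrap in size_t,
 * or if malloc fails.  The "inputs are real C strings" precondition cannot
 * be checked here: strlen() on an unterminated buffer is already a read
 * overrun, so that guarantee has to come from whoever produced the data. */
char *join_checked(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return NULL;

    size_t la = strlen(a);
    size_t lb = strlen(b);

    /* Check la + lb + 1 <= SIZE_MAX without performing the addition. */
    if (la > SIZE_MAX - 1 || lb > SIZE_MAX - 1 - la)
        return NULL;

    char *out = malloc(la + lb + 1);
    if (out == NULL)
        return NULL;

    /* The buffer was sized from the same lengths, so neither call can
     * write past its end. */
    strcpy(out, a);
    strcat(out, b);
    return out;
}

/* The fixed-buffer case: write a followed by b into dst[dstsz].
 * Returns 0 on success, -1 (leaving dst untouched) if the result plus
 * its terminator would not fit.  The comparison is arranged so that
 * dstsz - 1 - la never underflows. */
int join_into(char *dst, size_t dstsz, const char *a, const char *b)
{
    if (dst == NULL || a == NULL || b == NULL || dstsz == 0)
        return -1;

    size_t la = strlen(a);
    size_t lb = strlen(b);

    if (la >= dstsz || lb > dstsz - 1 - la)
        return -1;

    strcpy(dst, a);
    strcat(dst, b);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    char *s = join_checked("user@", "example.org");
    if (s != NULL) {
        printf("joined: %s\n", s);
        free(s);
    }

    char small[8];
    printf("fits:   %d\n", join_into(small, sizeof small, "abc", "def"));
    printf("reject: %d\n", join_into(small, sizeof small, "abcd", "defg"));
    return 0;
}
```

The point of both functions is the one the message makes: strcpy and strcat are not the bug, the absence of a length contract is. Once the destination is sized from the same strlen() results (or the fixed size is compared against them before any write), the unbounded copy is bounded by construction. What no amount of in-function checking can supply is the guarantee that the inputs are terminated, which is why hoisting the string handling into a safer layer, as the message considers, removes a whole class of precondition rather than just one check.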


