
RE: Are bad developer libraries the problem with M$ software?

From: Michael Howard <mikehow(at)microsoft.com>
Date: Fri Nov 22 2002 - 13:41:40 EST


>>C'mon people, this really is beginner stuff.

What's truly interesting about this, is this is how buffer overruns occur!! Simply incorrect assumptions. When I speak to large developer audiences I always ask, "how many of you think you must accommodate for the trailing '\0' character when determining buffer size in the 'n' functions?", overwhelmingly, 50% say yes, and 50% say no.

Cheers, Michael
Secure Windows Initiative
Writing Secure Code
http://www.microsoft.com/mspress/books/5612.asp

-----Original Message-----
From: Andrew Dalgleish [mailto:secprog@andrewdalgleish.dyndns.org]
Sent: Tuesday, November 19, 2002 2:58 PM
To: secprog@securityfocus.com

On Mon, Nov 18, 2002 at 09:25:46PM -0600, Frank Knobbe wrote:
> On Mon, 2002-11-18 at 17:10, Andrew Griffiths wrote:
long.
> >
> > In specific,
> >
> > 50 - 50 - 1 == -1
>
> If sizeof(dst) is 50, then a 0 terminated string is 49 chars long

> there is no room left in dst.
>
> Of course in your example you allow dst to overflow in the strncpy.
> Using
> strncpy(dst, user_supplied_data, sizeof(dst)-1); would have
> prevented that if my math is correct.

No, it would not. strncpy does NOT append the trailing 0 if the length of the source is greater than or equal to the count.

Using sizeof(dst)-1 will leave the last byte in the buffer unchanged. If dst is on the stack there is no guarantee the string is terminated. To be sure, you would *also* need to add dst[sizeof(dst)-1] = 0;

C'mon people, this really is beginner stuff. Please RTFM before you post well-meaning advice.


You might also like to look at the bsd-style strlcpy/strlcat functions.

Received on Mon Nov 25 13:50:27 2002
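The strncpy behaviour argued over in this thread, as an added example that is not part of the original messages: it copies into a 50-byte dst with a count of sizeof(dst)-1, with and without the explicit terminator. The function names, the 'X' fill standing in for stale stack contents, and the 80-byte input are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE 50   /* same size as the dst discussed in the thread */

/* Returns 1 if buf holds a NUL within its n bytes, else 0.
   memchr is used so an unterminated buffer is never read past its end. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* strncpy(dst, src, sizeof(dst)-1) alone: the last byte is never written. */
int copy_count_minus_one(const char *src)
{
    char dst[DST_SIZE];
    memset(dst, 'X', sizeof(dst));      /* constructed "stale stack" contents */
    strncpy(dst, src, sizeof(dst) - 1);
    return is_terminated(dst, sizeof(dst));
}

/* Same call plus the explicit terminator; returns the string length or -1. */
int copy_with_terminator(const char *src)
{
    char dst[DST_SIZE];
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, src, sizeof(dst) - 1);
    dst[sizeof(dst) - 1] = 0;
    return is_terminated(dst, sizeof(dst)) ? (int)strlen(dst) : -1;
}

int main(void)
{
    char long_src[81];                  /* constructed input: 80 'A's */
    memset(long_src, 'A', 80);
    long_src[80] = '\0';

    /* A short source is zero-padded by strncpy, so it ends up terminated. */
    printf("short, count-1 only: terminated=%d\n", copy_count_minus_one("hello"));
    /* A source at or above the count gets no NUL appended. */
    printf("long,  count-1 only: terminated=%d\n", copy_count_minus_one(long_src));
    printf("long,  + terminator: length=%d\n", copy_with_terminator(long_src));
    return 0;
}
```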

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

