Hosting Provided By

safe strcpy()?

From: Ed Carp <erc(at)pobox.com>
Date: Tue Jan 28 2003 - 01:56:13 EST

I've been skimming the discussions regarding strcpy() and friends, and the thought arises that none of the string copy functions can be guaranteed to be particularly safe, because the copy can always overwrite the memory space allocated for the output buffer.

This lef me to go back to my C textbooks (which I hadn't liiked in almost 20 years!), and start looking for a way to figure out how to determine how much space was allocated to a string. I was rather surprised to find that I couldn't find such an animal! Am I missing something here?

Consider the simple case of:

my_strcpy (char *to, char *from)
{

while(*from)
{

*to = *from;
to++;
from++;
}
return (from);
}

The problem arises if the memory allocation for from exceeds that for to. Sizeof doesn't work - is there any way to programatically determine the memory allocation for "to"? I'm not interested in manual manipulation of code, or suggestions on changing coding style - there should be a way in the language to determine the size of an object at runtime. Any clues here?

Thanks, guys! Received on Tue Jan 28 02:40:58 2003

This message: [ Message body ]
Next message: lists(at)notatla.demon.co.uk: "Re: malicious code"
Previous message: Crispin Cowan: "Re: malicious code"
Next in thread: Crispin Cowan: "Re: safe strcpy()?"
Reply: Crispin Cowan: "Re: safe strcpy()?"
Reply: Michal Zalewski: "Re: safe strcpy()?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:45 EDT