Re: safe strcpy()?

On Tue, 28 Jan 2003, Ed Carp wrote:

> This lef me to go back to my C textbooks (which I hadn't liiked in

Not really. C itself does not provide any built-in mechanism for passing sizes of buffers or other objects. Sizeof() is merely replaced with the storage size of whatever you passed to it during the compilation, and is not a runtime mechanism for determining the size of an object you point to.

> I'm not interested in manual manipulation of code, or suggestions on

No. C is a fairly low-level language. There are some versions of C that generate code with range checking and such, but it's not very common (and not always as effective as in other languages).

You think what made C co popular?;-) If you write your code in range checked, strong typed language, you get some strange errors all the time... if you write it in C, it runs, *maybe* sometimes behaves strangely because some variable gets overwritten, but hey, good enough to release ;-)

For dynamically allocated memory, you might want to use malloc_usable_size() in glibc, or a similar mechanism available for your OS, but that works well only if the buffer is a separate chunk. It's a limited, non-portable and often dangerous approach, and most likely requires some coding style changes anyway, just to keep all buffers in separate chunks.

There are several interesting ways to prevent the problem without making major changes to the code, however. One of better ideas I've seen is to register buffer sizes when buffers are created. It takes few more lines when you create an object, but this is the only effort you need to make. Buffers are later deregistered from your own free(), for heap memory - and your own function epilogue, for stack. With some help from the compiler and linker, two last steps involve no changes to your existing code. If your code uses mapped memory, you might also want to cover munmap and such.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

You just call register_buf() whenever you create an array, a structure or such. Its address, length and element size would be stored, so that you can query for a buffer at any time, and perhaps decide, based on element size, if its suitable for the operation you are about to perform (so that when you have a number of buffers inside an array, and you only added the array to implement index range checking, but forgot to add single buffers, your code would not overwrite other elements when modifying one, but rather bail out because of element size mismatch).

The approach is not perfect, but can be quite helpful.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [
http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-01-28 00:41 --