Re: safe strcpy()?

On Tue, 28 Jan 2003, Michal Zalewski wrote:

> There are several interesting ways to prevent the problem without making

I wasn't able to find such a function - do you have an example?

Most of the buffers we use are fixed-size, to side-step problems with malloc() and free(), and so we've been able to partially get around this problem by writing strcpy() as a macro - for example:

char buf[512];

our_strcpy(buf, source);

if our_strcpy() is written as a macro, then sizeof(buf) will return 512, and so we can do bounds checking. The problem comes in when someone does something like:

ptr = buf;
our_strcpy(ptr, source);

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

How can one determine the size of the buffer being pointed to? sizeof(ptr) returns 4 :( Technically, that's correct, but that's not what I meant ;)

-- 
Ed Carp, N7EKG          
http://www.pobox.com/~erc               214/986-5870
Licensed Texas Peace Officer
Computer Crime Investigation Consultant

Director, Software Development
Escapade Server-Side Scripting Engine Development Team
http://www.squishedmosquito.com

Microsoft Front Page - the official HTML editor of Al Qaeda
Microsoft Hotmail - the official email of Al Qaeda