On Tue, 28 Jan 2003, Ed Carp wrote:
> I wasn't able to find such a function - do you have an example?
I'm pretty convinced I've seen at least a discussion about such an
implementation, quite unfortunately, I can't find any references right
now. Perhaps other readers could help.
> How can one determine the size of the buffer being pointed to?
Once again, you can't, not with a standard compiler. It's simply not
tracked. A pointer to any type is, physically speaking, just a memory
address, and char x[nnn] is just a chunk of nnn bytes with no extra meta
data. This is the power and the weakness of C. You have five options,
essentially:
- Use a range checking compiler that emits and tracks this additional
information (and generates a slower code; plus, not all platforms
would have a compiler with such an option, I imagine),
- Implement manual passing of the information by adding a length
parameter to all functions that operate on buffers (and rewrite
most of your code),
- Implement your own "text buffer" type to pass this information
automagically (you still need to change lots of code),
- Implement a "buffer size registry" as described in my previous post,
which also might have its problems and not work with all compilers,
- ...or, per Crispin's suggestion, use a runtime checker like
StackGuard. It's not unbreakable, but can stop many common problems
(by preventing the attacker from taking advantage of an overflow,
not by preventing it from happening in the first place).
--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2003-01-28 01:53 --
Received on Tue Jan 28 12:43:36 2003
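
The second and third options from the list above (an explicit length, carried by a "text buffer" type), sketched as an added example that is not part of the original post. The names tbuf, TBUF_INIT, tbuf_append, tbuf_append_str and size_seen_by_callee are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical "text buffer" type: the capacity travels with the pointer. */
typedef struct {
    char  *data;  /* storage supplied by the caller */
    size_t cap;   /* total bytes available at data */
    size_t len;   /* bytes in use, not counting the terminating NUL */
} tbuf;

/* Bind a tbuf to a real array while the compiler still knows its size. */
#define TBUF_INIT(arr) { (arr), sizeof(arr), 0 }

/* What a callee learns from a bare char *: only the size of the pointer. */
size_t size_seen_by_callee(char *p) { return sizeof p; }

/* Append n bytes plus a NUL. Returns 0 on success, or -1 (writing nothing)
 * when the data does not fit. */
int tbuf_append(tbuf *b, const char *src, size_t n)
{
    if (b->cap == 0 || b->len >= b->cap)  /* unusable or corrupted state */
        return -1;
    if (n > b->cap - b->len - 1)          /* subtraction cannot wrap here */
        return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

int tbuf_append_str(tbuf *b, const char *s)
{
    return tbuf_append(b, s, strlen(s));
}

int main(void)
{
    char storage[8];
    tbuf b = TBUF_INIT(storage);

    tbuf_append_str(&b, "abc");                          /* fits */
    return tbuf_append_str(&b, "defghij") == -1 ? 0 : 1; /* refused */
}
```

The callee never has to guess the size: every write is checked against cap, and an oversized append is refused rather than truncated or allowed to run past the array.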
This archive was generated by hypermail 2.1.8
: Wed Aug 23 2006 - 14:02:45 EDT