Hosting Provided By

Re: safe strcpy()?

From: Crispin Cowan <crispin(at)wirex.com>
Date: Tue Jan 28 2003 - 17:49:45 EST

Michal Zalewski wrote:

>[encoding buffer size with the buffer]
>
>
>I'm pretty convinced I've seen at least a discussion about such an
Not sure if this is what you're referring to ... DJB (Dan Bernstein) built a string manipulation library as part of his qmail implementation. This string library *completely* disposes of C's null-terminated string idiom in favor of strings being an object that contains base and bounds information. This has the advantage of being much safer (strcpy really does know the destination size, and will not overflow it) and the disadvantage of being more-or-less completely incompatible with current C code.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      
http://wirex.com/~crispin/
Security Hardened Linux Distribution:       
http://immunix.org
Available for purchase: 
http://wirex.com/Products/Immunix/purchase.html
			    Just say ".Nyet"

application/pgp-signature attachment: stored

Received on Tue Jan 28 18:06:06 2003

This message: [ Message body ]
Next message: Brian Reichert: "Re: Can System() of Perl be bypassed?"
Previous message: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
In reply to Michal Zalewski: "Re: safe strcpy()?"
Next in thread: Steffen Dettmer: "Re: safe strcpy()?"
Reply: Steffen Dettmer: "Re: safe strcpy()?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT