Re: safe strcpy()?

On Wed, 2003-01-29 at 05:12, mlh@zip.com.au wrote:
> Indeed. What we want is a language compatible with

I don't see that much need for C++ once you've gathered yourself a nice set of library functions that allow you to easily do anything you (usually) want. Comparing libc-only code against anything is pretty pointless, it's always uglier and more difficult, but luckily you don't have to limit yourself to it.

And I'm not saying that you couldn't write better or at least prettier code with C++, but I think most of the C++ praising is simply about how much better libstdc++ is than libc. Only thing from C++ that I'd actually like to see in C is classes, they're a bit kludgy to implement with structs.

> int max = 20;
..
> if (i==max-1) { / / buffer full

Looks like an exploitable integer overflow there with 64bit systems.

> int main()
> {
> using namespace std; / / gain access to standard library

How much data can you write into name? Can you set a limit? Is there a default limit? How do you check if the limit was reached and result had to be truncated? What would the code look like with such checks? For such a simple example it might not matter, but it would for any real code.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

For comparing, here's how the above would be done with my library, with full error checking. It may not be as pretty as you could get it with C++, but I wouldn't say it's bad either.

#include 
#include "lib.h"
#include "istream.h"

int main(void) {
	struct istream *input;
	char *name = NULL;
	ssize_t ret;

	lib_init();
	printf("Please enter your first name:\n");

	/* read max. 1024 bytes, (size_t)-1 would work for infinite */
	input = i_stream_create_file(0, default_pool, 1024, FALSE);
	do {
		if ((ret = i_stream_read(input)) < 0)
			break;

		name = i_stream_next_line(input);
	} while (name == NULL);

	if (name != NULL)
		printf("Hello %s\n", name);
	else {
		if (ret == -2)
			printf("Your name is too long\n");
		else
			printf("EOF\n");
	}

	i_stream_unref(input);
	lib_deinit();
	return 0;