RE: safe strcpy()?
From: Ed Carp <erc(at)pobox.com>
Date: Wed Jan 29 2003 - 20:53:37 EST
> Replacing strcpy()'s with strncpy()'s will not solve all problems,
Replacing strcpy() with strncpy() does NOTHING to fix the destination overflow problem, which is a train wreck waiting to happen.
> Using manipulation routines that ensure the string is large enough
The way to fix this is to just ignore everything that comes in when your buffer is full. Closing the socket is a rather effective, if rude<g> way to let the other side know it's sending you too much!

--
Ed Carp, N7EKG http://www.pobox.com/~erc 214/986-5870
Licensed Texas Peace Officer
Computer Crime Investigation Consultant
Director, Software Development
Escapade Server-Side Scripting Engine Development Team
http://www.squishedmosquito.com
Microsoft Front Page - the official HTML editor of Al Qaeda
Microsoft Hotmail - the official email of Al Qaeda

Received on Thu Jan 30 12:40:10 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT
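The policy described in the message above (stop accepting input once the buffer is full and signal the caller to close the connection), as an added example that is not part of the original post. The names `linebuf`, `linebuf_feed` and `LINE_MAX_LEN` are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define LINE_MAX_LEN 16   /* constructed limit, kept small for the demo */
enum feed_status { FEED_MORE, FEED_LINE, FEED_OVERFLOW };

struct linebuf {
    char   data[LINE_MAX_LEN + 1];  /* +1 reserves room for the NUL */
    size_t used;
    int    dead;                    /* set once the peer exceeded the limit */
};
void linebuf_init(struct linebuf *lb) { memset(lb, 0, sizeof *lb); }

/* Feed one received chunk; *consumed reports how many bytes were examined.
 * FEED_LINE: lb->data holds a complete NUL-terminated line.
 * FEED_MORE: chunk stored, no newline yet.
 * FEED_OVERFLOW: line exceeded LINE_MAX_LEN; this and all later input is
 * ignored, and the caller is expected to close the connection. */
enum feed_status linebuf_feed(struct linebuf *lb, const char *chunk,
                              size_t n, size_t *consumed)
{
    *consumed = 0;
    if (lb->dead)
        return FEED_OVERFLOW;
    for (size_t i = 0; i < n; i++) {
        *consumed = i + 1;
        if (chunk[i] == '\n') {
            lb->data[lb->used] = '\0';
            lb->used = 0;
            return FEED_LINE;
        }
        if (lb->used == LINE_MAX_LEN) {  /* full: refuse, never write past */
            lb->dead = 1;
            return FEED_OVERFLOW;
        }
        lb->data[lb->used++] = chunk[i];
    }
    return FEED_MORE;
}

int main(void)
{
    struct linebuf lb;
    size_t taken;
    linebuf_init(&lb);
    /* Constructed input: 20 bytes with no newline, over the 16-byte limit. */
    if (linebuf_feed(&lb, "AAAAAAAAAAAAAAAAAAAA", 20, &taken) == FEED_OVERFLOW)
        puts("line too long: close the socket here");
    return 0;
}
```

On `FEED_LINE` the caller should use `lb->data` and then feed the remaining `n - consumed` bytes of the chunk again, since a chunk may carry more than one line.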