Re: safestr alpha (Safe C String Library)

On Tue, Feb 11, 2003, John Viega wrote:

> Yes, we're still trying to figure out the mechanism via which we want
> to handle such things. The big problem with returning error codes,
> etc. is that there's a strong tendency to ignore results than indicate
> an error.

Yes, you should not care about this issue. It's not your fault, if the programmer, that has this tendency, should waste his time in a more productive way.  

> When potentially security-critical problems come up, I would rather
> just see the program die if there's any significant chance of the
> programmer failing to check the error condition and leaving the program
> in an insecure state.

But this limits the library functionality, if for example do I wish use your library in my Perl/Python/PHP wrapper?  

> We are leaning toward providing a callback for when a "fatal" error
> occurs. The default will be to print an error message and abort. This
> solution gives the programmer some flexibility, and even avoids
> needlessly adding a bunch of additional error conditions to check. On
> the down side, it can be difficult to figure out the exact context of
> failure and recover gracefully.

Or in a more simple way (even if it's not smart): typedef struct error_c
{
unsigned int type; /* type of error*/
char *function;
} error_ctx;

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

and pass it towards functions (ie.):

char *function_1(const char *someinput, error_ctx *error);

so the programmer can check it, ie:
error_ctx error;
char *result;

result = function_1("goofyski",&error);

if (error.type==ILLEGAL_STRING)

    {
    fprintf(stderr,"Insecure string");
    exit(1);
    }

Cheers,
deneb. Received on Tue Feb 11 12:08:58 2003