Re: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:
Valdis.Kletnieks_at_vt.edu
Date: 05/30/03
- Previous message: Georgi Guninski: "Re: [Full-Disclosure] NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability"
- In reply to: democow ....: "[Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Next in thread: Schmehl, Paul L: "RE: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "democow ...." <democow8086@hotmail.com> Date: Fri, 30 May 2003 11:41:38 -0400
On Fri, 30 May 2003 04:05:32 -0000, "democow ...." <democow8086@hotmail.com> said:
> char * strcpy(char * dest,const char *src)
> {
> char *tmp = dest;
>
> [1] while ((*dest++ = *src++) != '\0')
> /* nothing */;
> return tmp;
> }
Kernighan & Ritchie, "The C Programming Language", had this in the first
edition - and correctly noted that this can be further optimized to:
while (*dest++ = *src++);
eliminating a comparison to '\0'. So not only is it insecure, but it's
inefficient, unless you have a *really* good optimizing compiler that can
tell that the comparison to null can be optimized away. And yes, you
need a *good* optimizer that can see that comparing to a null byte is
a special case (for instance, you can't optimize != '\n' the same way).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
- Previous message: Georgi Guninski: "Re: [Full-Disclosure] NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability"
- In reply to: democow ....: "[Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Next in thread: Schmehl, Paul L: "RE: [Full-Disclosure] C99 Security Alert-Old-New-Who-Cares :) - (:"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
