safe strcpy()?

From: Ed Carp (erc@pobox.com)
Date: 01/28/03

Next message: lists@notatla.demon.co.uk: "Re: malicious code"

Previous message: Crispin Cowan: "Re: malicious code"
Next in thread: Crispin Cowan: "Re: safe strcpy()?"
Reply: Crispin Cowan: "Re: safe strcpy()?"
Reply: Michal Zalewski: "Re: safe strcpy()?"
Maybe reply: Brandon Erhart: "Re: safe strcpy()?"
Maybe reply: Michael Howard: "RE: safe strcpy()?"
Maybe reply: mlh@zip.com.au: "Re: safe strcpy()?"
Maybe reply: Hall, Philip: "RE: safe strcpy()?"
Maybe reply: Michael Howard: "RE: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 28 Jan 2003 00:56:13 -0600 (CST)
From: Ed Carp <erc@pobox.com>
To: secprog@securityfocus.com

I've been skimming the discussions regarding strcpy() and friends, and the
thought arises that none of the string copy functions can be guaranteed to
be particularly safe, because the copy can always overwrite the memory
space allocated for the output buffer.

This lef me to go back to my C textbooks (which I hadn't liiked in almost
20 years!), and start looking for a way to figure out how to determine how
much space was allocated to a string. I was rather surprised to find that
I couldn't find such an animal! Am I missing something here?

Consider the simple case of:

my_strcpy (char *to, char *from)
{
while(*from)
{
*to = *from;
to++;
from++;
}
return (from);
}

The problem arises if the memory allocation for from exceeds that for to.
Sizeof doesn't work - is there any way to programatically determine the
memory allocation for "to"? I'm not interested in manual manipulation of
code, or suggestions on changing coding style - there should be a way in
the language to determine the size of an object at runtime. Any clues
here?

Thanks, guys!

Next message: lists@notatla.demon.co.uk: "Re: malicious code"
Previous message: Crispin Cowan: "Re: malicious code"
Next in thread: Crispin Cowan: "Re: safe strcpy()?"
Reply: Crispin Cowan: "Re: safe strcpy()?"
Reply: Michal Zalewski: "Re: safe strcpy()?"
Maybe reply: Brandon Erhart: "Re: safe strcpy()?"
Maybe reply: Michael Howard: "RE: safe strcpy()?"
Maybe reply: mlh@zip.com.au: "Re: safe strcpy()?"
Maybe reply: Hall, Philip: "RE: safe strcpy()?"
Maybe reply: Michael Howard: "RE: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: The Strinx Library
... The Strinx philosophy is that a library should not enforce a ... >> technique. ... >> string. ... >> an extra memory allocation and copy. ...
(comp.lang.cpp)
Re: Efficient use of results of [binary scan]
... And memory allocation is *definitely* comparatively slow ... The same trick is ... naif solution, for my 100K string. ... DOULOS - Developing Design Know-how ...
(comp.lang.tcl)
Re: HLA Lib
... then have ten times that amount wasted by a memory allocation call. ... string management information into only nine bytes. ... Even on 32-bit systems, virtual memory size doesn't matter much, and as ... but assembly language programmers should learn to pay attention to ...
(alt.lang.asm)
Re: Problem using copy.copy with my own class
... have a string associated with the int. ... By subclassing int to add a string, ... How do I know when the memory allocation ... between pickling and copying here. ...
(comp.lang.python)
Re: Difference between String variable and String Class definition
... Duane Evenson wrote: ... as each other about memory allocation or not? ... It copies the string from the first place to the new place ... I would have thought its was syntactic sugar, ...
(comp.lang.java.programmer)