Re: safe strcpy()?
From: Crispin Cowan (crispin@wirex.com)
Date: 01/28/03
- Previous message: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
- In reply to: Michal Zalewski: "Re: safe strcpy()?"
- Next in thread: Steffen Dettmer: "Re: safe strcpy()?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Jan 2003 14:49:45 -0800 From: Crispin Cowan <crispin@wirex.com> To: Michal Zalewski <lcamtuf@coredump.cx>
Michal Zalewski wrote:
>[encoding buffer size with the buffer]
>
>
>I'm pretty convinced I've seen at least a discussion about such an
>implementation, quite unfortunately, I can't find any references right
>now. Perhaps other readers could help.
>
Not sure if this is what you're referring to ... DJB (Dan Bernstein)
built a string manipulation library as part of his qmail implementation.
This string library *completely* disposes of C's null-terminated string
idiom in favor of strings being an object that contains base and bounds
information. This has the advantage of being much safer (strcpy really
does know the destination size, and will not overflow it) and the
disadvantage of being more-or-less completely incompatible with current
C code.
Crispin
-- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html Just say ".Nyet"
- application/pgp-signature attachment: stored
- Next message: Brian Reichert: "Re: Can System() of Perl be bypassed?"
- Previous message: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
- In reply to: Michal Zalewski: "Re: safe strcpy()?"
- Next in thread: Steffen Dettmer: "Re: safe strcpy()?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
