RE: safe strcpy()?

From: Ed Carp (erc@pobox.com)
Date: 01/29/03

    Date: Tue, 28 Jan 2003 19:06:48 -0600 (CST)
    From: Ed Carp <erc@pobox.com>
    To: Michael Howard <mikehow@microsoft.com>
    
    

    On Tue, 28 Jan 2003, Michael Howard wrote:

    > Of course, the real way to build secure software is not to use "safe"
    > functions, but to check data validity :-)

    The problem with this is if you have to retrofit millions of lines of old
    code. Maybe Microsoft can afford to pay people to do this sort of donkey
    work by hand, but we certainly can't! And how can you check data validity
    in the destination when doing a string copy, anyway?

    Are your safe handling header files checking destinations for string
    copies?

    --
    Ed Carp, N7EKG          http://www.pobox.com/~erc               214/986-5870
    Licensed Texas Peace Officer
    Computer Crime Investigation Consultant
    Director, Software Development
    Escapade Server-Side Scripting Engine Development Team
    http://www.squishedmosquito.com
    Microsoft Front Page - the official HTML editor of Al Qaeda
    Microsoft Hotmail - the official email of Al Qaeda
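The destination check the message asks about, as an added example that is not part of the original post or of any Microsoft header: a copy routine that is told the destination's capacity and reports truncation instead of overrunning. The names `checked_copy`, `COPY_TO_ARRAY` and the status codes are hypothetical, chosen for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum copy_status { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_BAD_ARG = 2 };

/* Copy src into dst, which holds dst_size bytes. Never writes past
 * dst + dst_size and always NUL-terminates when dst_size > 0. */
static enum copy_status checked_copy(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    if (src == NULL) {
        dst[0] = '\0';              /* leave dst in a defined state */
        return COPY_BAD_ARG;
    }
    /* Stop one byte short of the capacity to keep room for the NUL. */
    for (i = 0; i + 1 < dst_size && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    /* If src still has data here, the copy was cut short. */
    return src[i] == '\0' ? COPY_OK : COPY_TRUNCATED;
}

/* Retrofit helper for destinations declared as true arrays: the capacity
 * comes from the array's type, so a call site only swaps the function name.
 * It is wrong for pointers, where sizeof yields the pointer size; those
 * call sites must pass the real capacity to checked_copy() themselves. */
#define COPY_TO_ARRAY(dst, src) checked_copy((dst), sizeof(dst), (src))

int main(void)
{
    char name[8];
    enum copy_status st;

    st = COPY_TO_ARRAY(name, "short");
    printf("%d \"%s\"\n", (int)st, name);

    st = COPY_TO_ARRAY(name, "much too long");   /* constructed input */
    printf("%d \"%s\"\n", (int)st, name);
    return 0;
}
```

The caller still has to act on `COPY_TRUNCATED`; a silently shortened string can be its own bug, which is where validating the data comes back in.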