Re: Stack growth direction to thwart buffer overflow attacks
From: Frank Cusack (fcusack_at_fcusack.com)
Date: 08/19/03
- Previous message: Martin Schoen: "Re: using tcpd to block ports?"
- In reply to: Tony Nelson: "Re: Stack growth direction to thwart buffer overflow attacks"
- Next in thread: phn_at_icke-reklam.ipsec.nu: "Re: Stack growth direction to thwart buffer overflow attacks"
- Reply: phn_at_icke-reklam.ipsec.nu: "Re: Stack growth direction to thwart buffer overflow attacks"
Date: Mon, 18 Aug 2003 21:00:53 -0700
On Sat, 16 Aug 2003 13:05:20 -0400 Tony Nelson <tonynlsn@shore.net> wrote:
> Surely not. I prefer to use:
>
> target[0] = 0;
> strncat(target,source,sizeof(target));
>
> strncat puts a NUL at the end of the string.
No, it doesn't. This is a prime example of what I think is a worse
problem than the wrong language (C): not understanding how to
use the API.
strn* are NOT guaranteed to NUL terminate. They may do so on your
specific platform, which is where you lose because your code will be
used in unexpected ways on other platforms or other libc
implementations.
Why strn* were designed so poorly is another question.
/fc
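The behaviour ISO C specifies for the two calls under discussion, as an added example (not code from either poster): strncpy leaves the buffer unterminated when the source fills it, while strncat always writes a NUL after appending up to n characters, so passing the full size of an empty target as n puts that NUL one byte past its end. TARGET_SIZE, the oversized backing array and all function names are assumptions chosen so the extra write can be observed without overflowing anything.

```c
#include <stdio.h>
#include <string.h>

#define TARGET_SIZE 8 /* assumed size of "target" in the quoted snippet */

/* Both probes use a backing array twice TARGET_SIZE, so a write at index
 * TARGET_SIZE can be observed here without overflowing anything. */

/* strncpy: returns 1 if the first TARGET_SIZE bytes contain no NUL. */
int strncpy_unterminated(const char *source)
{
    char buf[TARGET_SIZE * 2];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, source, TARGET_SIZE);
    return memchr(buf, '\0', TARGET_SIZE) == NULL;
}

/* strncat called as in the quoted snippet (n = size of target):
 * returns the index at which the terminating NUL was written. */
size_t strncat_nul_index(const char *source)
{
    char buf[TARGET_SIZE * 2];
    memset(buf, 'X', sizeof buf);
    buf[0] = '\0';
    strncat(buf, source, TARGET_SIZE);
    return strlen(buf);
}

/* Bounded copy that stays inside size bytes: n leaves room for the NUL. */
size_t copy_bounded(char *target, size_t size, const char *source)
{
    if (size == 0) return 0;
    target[0] = '\0';
    strncat(target, source, size - 1);
    return strlen(target);
}

int main(void)
{
    const char *source = "ABCDEFGHIJKL"; /* constructed 12-character input */
    char target[TARGET_SIZE];
    printf("strncpy left target unterminated: %d\n", strncpy_unterminated(source));
    printf("strncat wrote NUL at index %zu (target size %d)\n",
           strncat_nul_index(source), TARGET_SIZE);
    printf("copy_bounded stored %zu chars: \"%s\"\n",
           copy_bounded(target, sizeof target, source), target);
    return 0;
}
```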