Re: Stack growth direction to thwart buffer overflow attacks

phn_at_icke-reklam.ipsec.nu
Date: 08/19/03


Date: Tue, 19 Aug 2003 07:57:42 +0000 (UTC)

In comp.security.misc Frank Cusack <fcusack@fcusack.com> wrote:
> On Sat, 16 Aug 2003 13:05:20 -0400 Tony Nelson <tonynlsn@shore.net> wrote:
>> Surely not. I prefer to use:
>>
>> target[0] = 0;
>> strncat(target,source,sizeof(target));
>>
>> strncat puts a NUL at the end of the string.

> No, it doesn't. This is a prime example of what I think is a worse
> problem than the wrong language (C), it's not understanding how to
> use the API.

Quoting from FreeBSD's manpage for strncat(3):
LIBRARY
     Standard C Library (libc, -lc)

SYNOPSIS
     #include <string.h>

     char *
     strcat(char *s, const char *append);

     char *
     strncat(char *s, const char *append, size_t count);

DESCRIPTION
     The strcat() and strncat() functions append a copy of the null-terminated
     string append to the end of the null-terminated string s, then add a
     terminating `\0'. The string s must have sufficient space to hold the
     result.

     The strncat() function appends not more than count characters from
     append, and then adds a terminating `\0'.

> strn* are NOT guaranteed to NUL terminate. They may do so on your
> specific platform, which is where you lose because your code will be
> used in unexpected ways on other platforms or other libc
> implementations.

> Why strn* were designed so poorly is another question.

Maybe some reading will make this clear?

> /fc

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
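
Added example, not part of the posts above: a C check of the behaviour under discussion. It shows that strncat always writes a terminating NUL, so a count of sizeof(target) touches sizeof(target)+1 bytes, and it goes one step beyond the thread by comparing strncpy, which writes no NUL when the source fills the count. TARGET_SIZE, GUARD, SOURCE and the function names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define TARGET_SIZE 8   /* nominal size of "target" (assumed for the demo) */
#define GUARD 0x7f      /* sentinel fill byte, constructed for the demo */

/* Constructed input, longer than TARGET_SIZE so truncation is exercised. */
static const char SOURCE[] = "0123456789AB";

/* Runs target[0] = 0; strncat(target, source, count) inside a backing array
 * twice the nominal size, so a write past TARGET_SIZE is observable without
 * undefined behaviour. Returns the index one past the last byte modified. */
static size_t bytes_touched_by_strncat(size_t count)
{
    char backing[TARGET_SIZE * 2];
    size_t i, touched = 0;

    memset(backing, GUARD, sizeof backing);
    backing[0] = 0;
    strncat(backing, SOURCE, count);
    for (i = 0; i < sizeof backing; i++)
        if (backing[i] != GUARD)
            touched = i + 1;
    return touched;
}

/* Returns 1 if strncpy left a NUL within the first count bytes, else 0.
 * count must not exceed TARGET_SIZE * 2. */
static int strncpy_terminates(size_t count)
{
    char backing[TARGET_SIZE * 2];

    memset(backing, GUARD, sizeof backing);
    strncpy(backing, SOURCE, count);
    return memchr(backing, '\0', count) != NULL;
}

/* Bounded append: reserves one byte for the NUL that strncat always adds. */
static void bounded_append(char *dst, size_t dstsize, const char *src)
{
    size_t used = strlen(dst);

    if (used + 1 < dstsize)
        strncat(dst, src, dstsize - used - 1);
}

int main(void)
{
    char t[TARGET_SIZE] = "ab";

    bounded_append(t, sizeof t, SOURCE);
    printf("strncat, count=size:   %zu bytes touched\n", bytes_touched_by_strncat(TARGET_SIZE));
    printf("strncat, count=size-1: %zu bytes touched\n", bytes_touched_by_strncat(TARGET_SIZE - 1));
    printf("strncpy terminated: %d, bounded_append: \"%s\"\n", strncpy_terminates(TARGET_SIZE), t);
    return 0;
}
```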

