Re: Stack growth direction to thwart buffer overflow attacks
phn_at_icke-reklam.ipsec.nu
Date: 08/19/03
- Previous message: Frank Cusack: "Re: Stack growth direction to thwart buffer overflow attacks"
- In reply to: Nick Maclaren: "Re: Stack growth direction to thwart buffer overflow attacks"
- Next in thread: Frank Cusack: "Re: Stack growth direction to thwart buffer overflow attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Aug 2003 15:58:09 +0000 (UTC)
In comp.security.misc Nick Maclaren <nmm1@cus.cam.ac.uk> wrote:
> In article <3F4241D6.1090404@cavtel.net>, jonah thomas <j2thomas@cavtel.net> writes:
> |> Nick Maclaren wrote:
> |>
> |> > The history of the C library is complicated beyond belief; I estimate
> |> > that I know no more than 20% of it, and can blow most outsider's
> |> > minds by describing what I do know! There are reasons for this,
> |> > and the complexity is nobody's fault, whether or not any blame can
> |> > be assigned for the flaws in the result (which is, in itself,
> |> > not certain).
> |>
> |> Is there a group or site where you would (or have) told such stories?
> |> Would you mind providing a few links or keywords?
> Perhaps, but I am not the best source, as the above implies!
> Look at the rationale for pointers, at various histories of Unix
> (especially Berkeley), and at the various C implementations for
> MS-DOS and similar systems in the 1980s.
> Regards,
> Nick Maclaren.
Maybe a "real-life" example of the discussed strncat(3) could be of value,
it's neither complicated nor obscure.
/*-
* Copyright (c) 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Chris Torek.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid[] = "@(#)strncat.c 8.1 (Berkeley) 6/4/93";
#endif /* LIBC_SCCS and not lint */
#ifndef lint
static const char rcsid[] =
"$FreeBSD: src/lib/libc/string/strncat.c,v 1.1.1.1.14.1 2001/07/09 23:30:07 obrien Exp $";
#endif
#include <sys/cdefs.h>
#include <string.h>
/*
* Concatenate src on the end of dst. At most strlen(dst)+n+1 bytes
* are written at dst (at most n+1 bytes being appended). Return dst.
*/
char *
strncat(dst, src, n)
char *dst;
const char *src;
register size_t n;
{
if (n != 0) {
register char *d = dst;
register const char *s = src;
while (*d != 0)
d++;
do {
if ((*d = *s++) == 0)
break;
d++;
} while (--n != 0);
*d = 0;
}
return (dst);
}
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
- Previous message: Frank Cusack: "Re: Stack growth direction to thwart buffer overflow attacks"
- In reply to: Nick Maclaren: "Re: Stack growth direction to thwart buffer overflow attacks"
- Next in thread: Frank Cusack: "Re: Stack growth direction to thwart buffer overflow attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
