Re: Standards for developing secure software

From: Valdis.Kletnieksat_private
Date: Fri Jan 24 2003 - 15:33:26 PST


    On Fri, 24 Jan 2003 03:42:44 GMT, Glynn Clements <glynn.clementsat_private>  said:
    
    > Here's my suggestion for where to start:
    > 
    > 	Don't assume that It Won't Happen
    > 
    > If someone can obtain a benefit by Making It Happen, then there's a
    > good chance that It Will Happen.
    > 
    > What will happen if the string is too long? What if it contains
    > "unusual" characters? What if the integer is negative, or zero?
    
    What if the string length is negative? (and yes, I've seen a C strlen()
    return a negative value, when another thread trashed the stack and corrupted
    the return value).
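
The questions raised in this thread (too long, unusual characters, negative or zero), applied to a copy routine that takes a caller-supplied length. This is an added example, not part of the original message; `checked_copy` and its result codes are hypothetical names, and the printable-ASCII allowlist is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum copy_result {
    COPY_OK = 0,
    COPY_ERR_NULL,
    COPY_ERR_NEGATIVE,     /* length below zero */
    COPY_ERR_EMPTY,        /* length of zero */
    COPY_ERR_TOO_LONG,     /* does not fit in dst with its terminator */
    COPY_ERR_EMBEDDED_NUL, /* data ends before the claimed length */
    COPY_ERR_BAD_CHAR      /* outside printable ASCII (assumed allowlist) */
};

/*
 * Copy `len` bytes of caller-supplied data into dst as a C string.
 * `len` is deliberately signed: a length that arrives from a protocol
 * field, a subtraction, or a corrupted value can be negative, and a
 * negative value passed straight to memcpy() converts to a huge size_t.
 */
enum copy_result checked_copy(char *dst, size_t dst_size,
                              const char *src, long len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_ERR_NULL;
    if (len < 0)
        return COPY_ERR_NEGATIVE;
    if (len == 0)
        return COPY_ERR_EMPTY;
    /* Compare as unsigned only after the sign check above. */
    if ((unsigned long)len >= dst_size)
        return COPY_ERR_TOO_LONG;

    /* Validate every byte before anything is written to dst. */
    for (long i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '\0')
            return COPY_ERR_EMBEDDED_NUL;
        if (c < 0x20 || c > 0x7e)
            return COPY_ERR_BAD_CHAR;
    }

    memcpy(dst, src, (size_t)len);
    dst[len] = '\0';
    return COPY_OK;
}
```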
    
    
    
    


