Re: Standards for developing secure software

• Previous message: John Hanna: "Re: protecting perl script source"
• In reply to: Glynn Clements: "RE: Standards for developing secure software"
• Next in thread: jasonk: "RE: Standards for developing secure software"
• Next in thread: Stormwalker: "RE: Standards for developing secure software"
• Reply: jasonk: "RE: Standards for developing secure software"
• Reply: Ben Pfaff: "Re: Standards for developing secure software"
• Reply: Pavel Kankovsky: "Re: Standards for developing secure software"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 24 Jan 2003 03:42:44 GMT, Glynn Clements <glynn.clementsat_private>  said:

> Here's my suggestion for where to start:
> 
> 	Don't assume that It Won't Happen
> 
> If someone can obtain a benefit by Making It Happen, then there's a
> good chance that It Will Happen.
> 
> What will happen if the string is too long? What if it contains
> "unusual" characters? What if the integer is negative, or zero?

What if the string length is negative? (and yes, I've seen a C strlen()
return a negative value, when another thread trashed the stack and corrupted
the return value).

• application/pgp-signature attachment: stored

• Next message: Dr. Ernst Molitor: "Re: protecting perl script source"
• Previous message: John Hanna: "Re: protecting perl script source"
• In reply to: Glynn Clements: "RE: Standards for developing secure software"
• Next in thread: jasonk: "RE: Standards for developing secure software"
• Next in thread: Stormwalker: "RE: Standards for developing secure software"
• Reply: jasonk: "RE: Standards for developing secure software"
• Reply: Ben Pfaff: "Re: Standards for developing secure software"
• Reply: Pavel Kankovsky: "Re: Standards for developing secure software"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 01:11:20 PST