Re: Standards for developing secure software

From: Pavel Kankovsky (peakat_private)
Date: Sat Jan 25 2003 - 14:07:03 PST

On Fri, 24 Jan 2003 Valdis.Kletnieksat_private wrote:

> On Fri, 24 Jan 2003 03:42:44 GMT, Glynn Clements <glynn.clementsat_private>  said:
> > 
> > What will happen if the string is too long? What if it contains
> > "unusual" characters? What if the integer is negative, or zero?
> 
> What if the string length is negative? (and yes, I've seen a C
> strlen() return a negative value, when another thread trashed the
> stack and corrupted the return value).

You take a loaded gun and kill any person responsible for the code of the
other thread? <evil grin>

Strictly speaking, a test for strlen() < 0 does not improve security
because strlen() < 0 cannot happen without the help of (at least) one of
the "trusted insiders"--the hardware, the OS kernel, the system libraries,
the compiler...or any other thread running in the same address space (or
at least having access to the vital parts of my thread's address
space). (*)

Of course, such a check might make penetration difficult or even
impossible in certain cases, but it is unable to *enforce* anything
because a malevolent thread running in the same address space (or
any other trusted part of the system) can circumvent it easily.

(*) The situation when the result appears to be negative because it is
too large to fit into the positive part of a signed type used for strlen()
return value should be considered a bug in strlen()--it should either use
a type able to represent the length of *any* possible string, or abort
when it cannot return a meaningful result (a dead program is better than
a misbehaving program).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
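The checks Glynn lists (too long, unusual characters, negative or zero integer) and Pavel's footnote about a length that does not fit the signed type can be shown together in a small C validator. This is an added example, not code from the thread or any of its authors; the field limit `MAX_NAME_LEN`, the allowed character set, the function names and the `check_count` bounds are all assumptions chosen for illustration. The length is kept in `size_t`, so it can never be negative, and the conversion to `int` is done only through a function that refuses values above `INT_MAX` instead of letting them wrap.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy for one input field (assumption, not from the thread). */
#define MAX_NAME_LEN 16

enum check_result {
    CHECK_OK = 0,
    CHECK_NULL,      /* no string at all */
    CHECK_EMPTY,     /* zero-length string */
    CHECK_TOO_LONG,  /* exceeds MAX_NAME_LEN */
    CHECK_BAD_CHAR   /* contains a character outside the allowed set */
};

/* Validate a caller-supplied C string against the policy above.
 * The length is held in size_t: an unsigned type wide enough for any object,
 * so the "negative length" case cannot arise in this code path. */
enum check_result check_name(const char *s)
{
    if (s == NULL)
        return CHECK_NULL;

    size_t len = strlen(s);
    if (len == 0)
        return CHECK_EMPTY;
    if (len > MAX_NAME_LEN)
        return CHECK_TOO_LONG;

    for (size_t i = 0; i < len; i++) {
        /* Cast to unsigned char before isalnum(): passing a negative
         * plain char (high-bit byte) to the ctype functions is undefined. */
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return CHECK_BAD_CHAR;
    }
    return CHECK_OK;
}

/* Pavel's footnote: an API that must hand a length back as a signed int
 * should refuse when the value cannot be represented, rather than returning
 * a wrapped (apparently negative) number. Returns 1 and stores the value on
 * success, 0 if the length does not fit in the positive range of int. */
int length_fits_int(size_t len, int *out)
{
    if (len > (size_t)INT_MAX)
        return 0;
    *out = (int)len;
    return 1;
}

/* The integer field from Glynn's question: reject negative or zero, and
 * bound the upper end as well (upper bound is an assumed policy value). */
int check_count(long v)
{
    return v > 0 && v <= 1000;
}

int main(void)
{
    const char *samples[] = { "alice_01", "", "bad name", "abcdefghijklmnopq", NULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("check_name(%s) = %d\n",
               samples[i] ? samples[i] : "NULL", check_name(samples[i]));

    /* Simulated length just beyond INT_MAX (constructed value, not a real string). */
    int as_int;
    size_t huge = (size_t)INT_MAX + 1;
    printf("length_fits_int(INT_MAX+1) = %d\n", length_fits_int(huge, &as_int));
    printf("check_count(-3) = %d, check_count(7) = %d\n", check_count(-3), check_count(7));
    return 0;
}
```

The loop over the string compares against an explicit allow list rather than a deny list of "unusual" characters, so anything the policy did not anticipate is rejected by default. `length_fits_int` is where the footnote's two options meet: this version returns a failure code the caller must handle; an `abort()` at the same spot would implement the "dead program is better than a misbehaving program" choice instead.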
    
    This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 20:52:47 PST