Re: safe strcpy()?

From: Ed Carp (ercat_private)
Date: Tue Jan 28 2003 - 01:44:24 PST

Next message: Michal Zalewski: "Re: safe strcpy()?"

Previous message: Michal Zalewski: "Re: safe strcpy()?"
In reply to: Michal Zalewski: "Re: safe strcpy()?"
Next in thread: Michal Zalewski: "Re: safe strcpy()?"
Reply: Michal Zalewski: "Re: safe strcpy()?"
Reply: Timo Sirainen: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 28 Jan 2003, Michal Zalewski wrote:

> There are several interesting ways to prevent the problem without making
> major changes to the code, however. One of better ideas I've seen is to
> register buffer sizes when buffers are created. It takes few more lines
> when you create an object, but this is the only effort you need to make.
> Buffers are later deregistered from your own free(), for heap memory - and
> your own function epilogue, for stack. With some help from the compiler
> and linker, two last steps involve no changes to your existing code. If
> your code uses mapped memory, you might also want to cover munmap and
> such.
> 
> You just call register_buf() whenever you create an array, a structure or
> such. Its address, length and element size would be stored, so that you
> can query for a buffer at any time, and perhaps decide, based on element
> size, if its suitable for the operation you are about to perform (so that
> when you have a number of buffers inside an array, and you only added the
> array to implement index range checking, but forgot to add single buffers,
> your code would not overwrite other elements when modifying one, but
> rather bail out because of element size mismatch).
> 
> The approach is not perfect, but can be quite helpful.

I wasn't able to find such a function - do you have an example?

Most of the buffers we use are fixed-size, to side-step problems with 
malloc() and free(), and so we've been able to partially get around this 
problem by writing strcpy() as a macro - for example:

char buf[512];

our_strcpy(buf, source);

if our_strcpy() is written as a macro, then sizeof(buf) will return 512, 
and so we can do bounds checking.  The problem comes in when someone does 
something like:

ptr = buf;
our_strcpy(ptr, source);

How can one determine the size of the buffer being pointed to?  
sizeof(ptr) returns 4 :(  Technically, that's correct, but that's not what 
I meant ;)
-- 
Ed Carp, N7EKG          http://www.pobox.com/~erc               214/986-5870
Licensed Texas Peace Officer
Computer Crime Investigation Consultant

Director, Software Development
Escapade Server-Side Scripting Engine Development Team
http://www.squishedmosquito.com

Microsoft Front Page - the official HTML editor of Al Qaeda
Microsoft Hotmail - the official email of Al Qaeda

Next message: Michal Zalewski: "Re: safe strcpy()?"
Previous message: Michal Zalewski: "Re: safe strcpy()?"
In reply to: Michal Zalewski: "Re: safe strcpy()?"
Next in thread: Michal Zalewski: "Re: safe strcpy()?"
Reply: Michal Zalewski: "Re: safe strcpy()?"
Reply: Timo Sirainen: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 09:15:51 PST