Re: safe strcpy()?

From: Ed Carp (ercat_private)
Date: Tue Jan 28 2003 - 01:44:24 PST


    On Tue, 28 Jan 2003, Michal Zalewski wrote:
    
    > There are several interesting ways to prevent the problem without making
    > major changes to the code, however. One of the better ideas I've seen is to
    > register buffer sizes when buffers are created. It takes a few more lines
    > when you create an object, but this is the only effort you need to make.
    > Buffers are later deregistered from your own free(), for heap memory - and
    > your own function epilogue, for stack. With some help from the compiler
    > and linker, the last two steps involve no changes to your existing code. If
    > your code uses mapped memory, you might also want to cover munmap and
    > such.
    > 
    > You just call register_buf() whenever you create an array, a structure or
    > such. Its address, length and element size would be stored, so that you
    > can query for a buffer at any time, and perhaps decide, based on element
    > size, if it's suitable for the operation you are about to perform (so that
    > when you have a number of buffers inside an array, and you only added the
    > array to implement index range checking, but forgot to add single buffers,
    > your code would not overwrite other elements when modifying one, but
    > rather bail out because of element size mismatch).
    > 
    > The approach is not perfect, but can be quite helpful.
    
    I wasn't able to find such a function - do you have an example?
    
    Most of the buffers we use are fixed-size, to side-step problems with 
    malloc() and free(), and so we've been able to partially get around this 
    problem by writing strcpy() as a macro - for example:
    
    char buf[512];
    
    our_strcpy(buf, source);
    
    If our_strcpy() is written as a macro, then sizeof(buf) will return 512, 
    and so we can do bounds checking.  The problem comes in when someone does 
    something like:
    
    ptr = buf;
    our_strcpy(ptr, source);
    
    How can one determine the size of the buffer being pointed to?  
    sizeof(ptr) returns 4 :(  Technically, that's correct, but that's not what 
    I meant ;)
    -- 
    Ed Carp, N7EKG          http://www.pobox.com/~erc               214/986-5870
    Licensed Texas Peace Officer
    Computer Crime Investigation Consultant
    
    Director, Software Development
    Escapade Server-Side Scripting Engine Development Team
    http://www.squishedmosquito.com
    
    Microsoft Front Page - the official HTML editor of Al Qaeda
    Microsoft Hotmail - the official email of Al Qaeda
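A working sketch of the registry Michal describes, used to answer the pointer case Ed asks about; this is an illustration added to the archive, not code from either poster. The fixed-size table and the names register_buf(), unregister_buf(), buf_room(), safe_strcpy() and SAFE_STRCPY_ARR are this example's own assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical registry (this example's own design, not the thread's code):
 * each entry records a buffer's base address, byte length and element size. */
#define MAX_BUFS 32
struct buf_rec { const void *base; size_t len; size_t elem; };
static struct buf_rec bufs[MAX_BUFS];
static int nbufs;

/* Called where a buffer is created; returns -1 when the table is full. */
int register_buf(const void *base, size_t len, size_t elem) {
    if (nbufs >= MAX_BUFS) return -1;
    bufs[nbufs].base = base; bufs[nbufs].len = len; bufs[nbufs].elem = elem;
    nbufs++;
    return 0;
}

/* Called from your own free() or function epilogue. */
void unregister_buf(const void *base) {
    for (int i = 0; i < nbufs; i++)
        if (bufs[i].base == base) { bufs[i] = bufs[--nbufs]; return; }
}

/* Bytes left from p to the end of the registered buffer that contains it,
 * or 0 if p is unknown or the buffer's element size does not match. */
size_t buf_room(const void *p, size_t elem) {
    const char *cp = p;
    for (int i = 0; i < nbufs; i++) {
        const char *b = bufs[i].base;
        if (cp >= b && cp < b + bufs[i].len)
            return bufs[i].elem == elem ? (size_t)(b + bufs[i].len - cp) : 0;
    }
    return 0;
}

/* strcpy() through any pointer: consults the registry instead of sizeof(),
 * so "ptr = buf; safe_strcpy(ptr, src)" is still bounded. Returns -1 on refusal. */
int safe_strcpy(char *dst, const char *src) {
    size_t n = strlen(src) + 1;          /* include the terminator */
    if (n > buf_room(dst, sizeof(char))) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Array form keeps Ed's sizeof() trick for the common case. */
#define SAFE_STRCPY_ARR(arr, src) \
    (strlen(src) + 1 <= sizeof(arr) ? (memcpy((arr), (src), strlen(src) + 1), 0) : -1)
```

A pointer into the middle of a registered buffer still gets the remaining room, and a copy into an int array registered with element size 4 is refused, which is the element-size mismatch check from the quoted message.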
    



    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 09:15:51 PST