Re: safe strcpy()?

From: Michal Zalewski (lcamtufat_private)
Date: Tue Jan 28 2003 - 02:09:08 PST


    On Tue, 28 Jan 2003, Ed Carp wrote:
    
    > I wasn't able to find such a function - do you have an example?
    
    I'm pretty convinced I've seen at least a discussion about such an
    implementation, quite unfortunately, I can't find any references right
    now. Perhaps other readers could help.
    
    > How can one determine the size of the buffer being pointed to?
    
    Once again, you can't, not with a standard compiler. It's simply not
    tracked. A pointer to any type is, physically speaking, just a memory
    address, and char x[nnn] is just a chunk of nnn bytes with no extra meta
    data. This is the power and the weakness of C. You have five options,
    essentially:
    
      - Use a range checking compiler that emits and tracks this additional
        information (and generates slower code; plus, not all platforms
        would have a compiler with such an option, I imagine),
    
      - Implement manual passing of the information by adding a length
        parameter to all functions that operate on buffers (and rewrite
        most of your code),
    
      - Implement your own "text buffer" type to pass this information
        automagically (you still need to change lots of code),
    
      - Implement a "buffer size registry" as described in my previous post,
        which also might have its problems and not work with all compilers,
    
      - ...or, per Crispin's suggestion, use a runtime checker like
        StackGuard. It's not unbreakable, but can stop many common problems
        (by preventing the attacker from taking advantage of an overflow,
        not by preventing it from happening in the first place).
    
    -- 
    ------------------------- bash$ :(){ :|:&};: --
     Michal Zalewski * [http://lcamtuf.coredump.cx]
        Did you know that clones never use mirrors?
    --------------------------- 2003-01-28 01:53 --
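    The second and third options from the list above (an explicit length parameter, and a "text buffer" type that carries its own capacity), as an added C example that is not part of the original thread. The function and type names (safe_strcpy, tbuf) are hypothetical; the point is that the programmer, not the compiler, carries the size C does not track.

```c
/* Added example, not from the thread. Option 2: pass the destination size.
 * Option 3: a buffer type that carries its capacity with the pointer.
 * Names (safe_strcpy, tbuf) are hypothetical. */
#include <string.h>

/* Option 2: copy with an explicit destination size. Always NUL-terminates
 * when dstsize > 0. Returns 0 on success, -1 if src did not fit
 * (dst then holds a truncated, still terminated, copy). */
int safe_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dstsize == 0)
        return -1;                 /* no room even for the terminator */
    n = strlen(src);
    if (n >= dstsize) {            /* src plus '\0' does not fit */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);       /* n + 1 copies the terminator too */
    return 0;
}

/* Option 3: the size travels with the buffer (hypothetical type). */
struct tbuf {
    char  *data;   /* caller-owned storage */
    size_t cap;    /* bytes available in data, including the '\0' */
    size_t len;    /* current string length, excluding the '\0' */
};

/* Bind caller-provided storage to a tbuf and make it an empty string. */
void tbuf_init(struct tbuf *b, char *storage, size_t cap)
{
    b->data = storage;
    b->cap = cap;
    b->len = 0;
    if (cap > 0)
        storage[0] = '\0';
}

/* Replace the contents with src; returns 0 or -1 exactly as safe_strcpy,
 * and records the length actually stored after any truncation. */
int tbuf_set(struct tbuf *b, const char *src)
{
    int rc = safe_strcpy(b->data, b->cap, src);
    b->len = (b->cap > 0) ? strlen(b->data) : 0;
    return rc;
}
```

    The return value is the part strcpy() never gives you: a caller that ignores it gets silent truncation instead of an overflow, and one that checks it can fail the operation cleanly.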
    



    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 09:29:29 PST