On Tue, 2003-01-28 at 11:44, Ed Carp wrote:

> if our_strcpy() is written as a macro, then sizeof(buf) will return 512,
> and so we can do bounds checking. The problem comes in when someone does
> something like:
>
> ptr = buf;
> our_strcpy(ptr, source);
>
> How can one determine the size of the buffer being pointed to?
> sizeof(ptr) returns 4 :( Technically, that's correct, but that's not what
> I meant ;)

I'd suggest not using C's string handling functions at all; they're way too
annoying to be used safely (or at all, really). There are many libraries that
make things easier for you; GLIB and libowfat come to mind first. I've also
put a stripped down version of my library available at
http://irccrew.org/~cras/security/lib/
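An added illustration of the sizeof pitfall discussed above (example code, not from either poster): sizeof gives the real buffer size only for an array, so the macro form is made to refuse pointer arguments at compile time, and the underlying copy takes an explicit size. The names bounded_copy, MUST_BE_ARRAY and the size_seen_* helpers are assumed, and the array guard relies on GCC/Clang builtins.

```c
#include <string.h>

/* Explicit-size bounded copy: always NUL-terminates when dstsize > 0.
 * Returns 1 if src had to be truncated, 0 otherwise. */
static int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0)
        return 1;
    if (n > dstsize - 1)
        n = dstsize - 1;           /* truncate, keep room for the NUL */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src[n] != '\0';         /* 1 if anything was dropped */
}

/* 0 for a real array; a compile error (negative array size) when the
 * argument is a pointer, so "ptr = buf; our_strcpy(ptr, src)" is rejected
 * instead of silently using sizeof(ptr). GCC/Clang builtins (assumed). */
#define MUST_BE_ARRAY(a) \
    (sizeof(char[1 - 2 * __builtin_types_compatible_p(__typeof__(a), \
                                                       __typeof__(&(a)[0]))]) - 1)

/* The macro from the thread, with the array guard added. */
#define our_strcpy(dst, src) \
    bounded_copy((dst), sizeof(dst) + MUST_BE_ARRAY(dst), (src))

size_t size_seen_via_array(void)
{
    char buf[512];
    return sizeof(buf);            /* the whole buffer: 512 */
}

size_t size_seen_via_pointer(void)
{
    char buf[512];
    char *ptr = buf;
    (void)ptr;
    return sizeof(ptr);            /* just the pointer: 4 in 2003, 8 on x86-64 */
}

/* A 600-byte source into buf[512] is truncated at 511 chars, not overflowed. */
int long_copy_into_array_is_truncated(void)
{
    char buf[512], src[600];
    memset(src, 'A', sizeof src - 1);
    src[sizeof src - 1] = '\0';
    return our_strcpy(buf, src) == 1 && strlen(buf) == 511;
}
```

Passing a pointer to our_strcpy() fails to compile rather than checking against sizeof(ptr); where only a pointer is available, call bounded_copy() with the size passed alongside it.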
This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 10:44:52 PST