Re: safe strcpy()?

From: Timo Sirainen (tssat_private)
Date: Tue Jan 28 2003 - 10:37:37 PST


    On Tue, 2003-01-28 at 11:44, Ed Carp wrote:
    > If our_strcpy() is written as a macro, then sizeof(buf) will return 512, 
    > and so we can do bounds checking.  The problem comes in when someone does 
    > something like:
    > 
    > ptr = buf;
    > our_strcpy(ptr, source);
    > 
    > How can one determine the size of the buffer being pointed to?  
    > sizeof(ptr) returns 4 :(  Technically, that's correct, but that's not what 
    > I meant ;)
    
    I'd suggest not using C's string handling functions at all; they're way
    too annoying to be used safely (or at all, really). There are many
    libraries that make things easier for you; GLIB and libowfat come to
    mind first. I've also made a stripped-down version of my library
    available at http://irccrew.org/~cras/security/lib/
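
Added example, not part of the original message or of any library it mentions: the sizeof problem from the quoted text, with an array-only macro that refuses a pointer argument at compile time and an explicit-size function for the pointer case. The names our_strcpy_n, OUR_STRCPY and MUST_BE_ARRAY are hypothetical, and the compile-time check assumes GCC or Clang.

```c
#include <stddef.h>
#include <string.h>

/* Copy src into dst (capacity dstsize bytes), always NUL-terminating.
 * Returns 0 on success, -1 if src was truncated or an argument is unusable. */
static int our_strcpy_n(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    len = strlen(src);
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

#if defined(__GNUC__)
/* Evaluates to 0 for a real array; for a pointer the array size below
 * becomes negative and compilation fails (GCC/Clang extension). */
#define MUST_BE_ARRAY(a) \
    (sizeof(char[1 - 2 * __builtin_types_compatible_p( \
        __typeof__(a), __typeof__(&(a)[0]))]) - 1)
#else
#define MUST_BE_ARRAY(a) 0 /* assumption: no check on other compilers */
#endif

/* Array-only front end: here sizeof(dst) is the true capacity. */
#define OUR_STRCPY(dst, src) \
    our_strcpy_n((dst), sizeof(dst) + MUST_BE_ARRAY(dst), (src))

/* Demo on constructed input; returns the string length left in the buffer. */
static size_t demo_truncated_len(void)
{
    char buf[8];
    char *ptr = buf;
    /* OUR_STRCPY(ptr, "x") would not compile: ptr is a pointer, not an array. */
    (void)our_strcpy_n(ptr, sizeof buf, "0123456789"); /* capacity passed explicitly */
    return strlen(buf);
}
```

Once the buffer is reached only through a pointer, the capacity has to travel with it as a separate argument; the macro only turns the silent sizeof(ptr) mistake into a build failure.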
    


