Re: safe strcpy()?

From: Timo Sirainen (tssat_private)
Date: Tue Jan 28 2003 - 10:37:37 PST

Next message: r s: "Application to Application authentication models...."

Previous message: Brandon Erhart: "Re: safe strcpy()?"
In reply to: Ed Carp: "Re: safe strcpy()?"
Next in thread: mlhat_private: "Re: safe strcpy()?"
Next in thread: Brandon Erhart: "Re: safe strcpy()?"
Reply: mlhat_private: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2003-01-28 at 11:44, Ed Carp wrote:
> if our_strcpy() is written as a macro, then sizeof(buf) will return 512, 
> and so we can do bounds checking.  The problem comes in when someone does 
> something like:
> 
> ptr = buf;
> our_strcpy(ptr, source);
> 
> How can one determine the size of the buffer being pointed to?  
> sizeof(ptr) returns 4 :(  Technically, that's correct, but that's not what 
> I meant ;)

I'd suggest not using C's string handling functions at all, they're way
too annoying to be used safely (or at all, really). There's many
libraries that make things easier for you, GLIB and libowfat comes to my
mind at first. I've also put a stripped down version of my library
available at http://irccrew.org/~cras/security/lib/

Next message: r s: "Application to Application authentication models...."
Previous message: Brandon Erhart: "Re: safe strcpy()?"
In reply to: Ed Carp: "Re: safe strcpy()?"
Next in thread: mlhat_private: "Re: safe strcpy()?"
Next in thread: Brandon Erhart: "Re: safe strcpy()?"
Reply: mlhat_private: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 10:44:52 PST