Re: safe strcpy()?

From: Crispin Cowan (crispinat_private)
Date: Tue Jan 28 2003 - 14:49:45 PST

Next message: Brian Reichert: "Re: Can System() of Perl be bypassed?"

Previous message: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
In reply to: Michal Zalewski: "Re: safe strcpy()?"
Next in thread: Steffen Dettmer: "Re: safe strcpy()?"
Next in thread: Timo Sirainen: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michal Zalewski wrote:

>[encoding buffer size with the buffer]
>  
>
>I'm pretty convinced I've seen at least a discussion about such an
>implementation, quite unfortunately, I can't find any references right
>now. Perhaps other readers could help.
>
Not sure if this is what you're referring to ... DJB (Dan Bernstein) 
built a string manipulation library as part of his qmail implementation. 
This string library *completely* disposes of C's null-terminated string 
idiom in favor of strings being an object that contains base and bounds 
information. This has the advantage of being much safer (strcpy really 
does know the destination size, and will not overflow it) and the 
disadvantage of being more-or-less completely incompatible with current 
C code.

Crispin

-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX                      http://wirex.com/~crispin/
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html
			    Just say ".Nyet"

application/pgp-signature attachment: stored

Next message: Brian Reichert: "Re: Can System() of Perl be bypassed?"
Previous message: NESTING, DAVID M (SBCSI): "RE: Can System() of Perl be bypassed?"
In reply to: Michal Zalewski: "Re: safe strcpy()?"
Next in thread: Steffen Dettmer: "Re: safe strcpy()?"
Next in thread: Timo Sirainen: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 15:05:25 PST