Re: safe strcpy()?

From: Crispin Cowan (crispinat_private)
Date: Tue Jan 28 2003 - 14:49:45 PST

  • Next message: Brian Reichert: "Re: Can System() of Perl be bypassed?"

    Michal Zalewski wrote:
    
    >[encoding buffer size with the buffer]
    >  
    >
    >I'm pretty convinced I've seen at least a discussion about such an
    >implementation, quite unfortunately, I can't find any references right
    >now. Perhaps other readers could help.
    >
    Not sure if this is what you're referring to ... DJB (Dan Bernstein) 
    built a string manipulation library as part of his qmail implementation. 
    This string library *completely* disposes of C's null-terminated string 
    idiom in favor of strings being an object that contains base and bounds 
    information. This has the advantage of being much safer (strcpy really 
    does know the destination size, and will not overflow it) and the 
    disadvantage of being more-or-less completely incompatible with current 
    C code.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    			    Just say ".Nyet"
    
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 15:05:25 PST