Re: safe strcpy()?

From: Steffen Dettmer (steffenat_private)
Date: Tue Jan 28 2003 - 16:09:55 PST

  • Next message: Michael Howard: "RE: safe strcpy()?"

    * Michal Zalewski wrote on Tue, Jan 28, 2003 at 02:09 -0800:
    > On Tue, 28 Jan 2003, Ed Carp wrote:
    > 
    > > I wasn't able to find such a function - do you have an example?
    
    > 
    > I'm pretty convinced I've seen at least a discussion about such an
    > implementation, quite unfortunately, I can't find any references right
    > now. Perhaps other readers could help.
    
    There was a thread on secprog, yep. For instance, I wrote a mail
    about "the own text buffer type" in:
    http://online.securityfocus.com/archive/98/300536/2002-12-01/2002-12-07/2
    
    >   - Use a range checking compiler that emits and tracks this additional
    >     information (and generates a slower code; plus, not all platforms
    >     would have a compiler with such an option, I imagine),
    
    BTW, I know the gcc bounds patch and I used it once, it was a
    nice thing! Is there something similar available for C++? I've
    played around with efence and mpatrol, both may help to find
    overflows and such. Maybe worth a look?
    
    >   - Implement manual passing of the information by adding a length
    >     parameter to all functions that operate on buffers (and rewrite
    >     most of your code),
    
    Isn't this strncpy and strlcpy?
    
    >   - ...or, per Crispin's suggestion, use a runtime checker like
    >     StackGuard. 
    
    Is StackGuard only protecting the stack? Then mpatrol may be more
    helpful I think, please correct me if I'm wrong.
    
    Well, the question was about language... I think, C is
    "optimized" for speed and is nice for small embedded systems :)
    "Higher level" languages, such as C++, Java or even Ada and heaps
    others support much more language features to protect against
    such issues. Maybe C is not designed for safety... With C++ you
    can add some comfortable, with Java you should get always run
    time exceptions. Ada isn't widely used in practice (outside
    government and medical projects and such) I think.
    
    oki,
    
    Steffen
    
    -- 
    Dieses Schreiben wurde maschinell erstellt,
    es trägt daher weder Unterschrift noch Siegel.
    



    This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 16:13:20 PST