Re: safe strcpy()?

From: Timo Sirainen (tssat_private)
Date: Tue Jan 28 2003 - 20:05:22 PST

Next message: Sandeep Giri: "Security Auditing Report Conventions and Standards"

Previous message: Timo Sirainen: "Re: safe strcpy()?"
In reply to: mlhat_private: "Re: safe strcpy()?"
Next in thread: Crispin Cowan: "Re: safe strcpy()?"
Next in thread: Brandon Erhart: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2003-01-29 at 05:12, mlhat_private wrote:
> Indeed.  What we want is a language compatible with
> C but with string handling as a standard part -- luckily
> there is such a beast -- C++ !

I don't see that much need for C++ once you've gathered yourself a nice
set of library functions that allow you to easily do anything you
(usually) want. Comparing libc-only code against anything is pretty
pointless, it's always uglier and more difficult, but luckily you don't
have to limit yourself to it.

And I'm not saying that you couldn't write better or at least prettier
code with C++, but I think most of the C++ praising is simply about how
much better libstdc++ is than libc. Only thing from C++ that I'd
actually like to see in C is classes, they're a bit kludgy to implement
with structs.

> 		int max = 20;
..
> 			if (i==max-1) { / / buffer full
> 				max = max+max;
> 				name = (char*)realloc(name,max) ; / / get a new and larger buffer
> 				if (name == 0) quit() ;
> 			}

Looks like an exploitable integer overflow there with 64bit systems.

> 	int main()
> 	{
> 		using namespace std; / / gain access to standard library
> 		cout << "Please enter your first name:\n";
> 		string name;
> 		cin >> name;
> 		cout << "Hello " << name << \n;
> 	}

How much data can you write into name? Can you set a limit? Is there a
default limit? How do you check if the limit was reached and result had
to be truncated? What would the code look like with such checks? For
such a simple example it might not matter, but it would for any real
code.

For comparing, here's how the above would be done with my library, with
full error checking. It may not be as pretty as you could get it with
C++, but I wouldn't say it's bad either.

#include <stdio.h>
#include "lib.h"
#include "istream.h"

int main(void) {
	struct istream *input;
	char *name = NULL;
	ssize_t ret;

	lib_init();
	printf("Please enter your first name:\n");

	/* read max. 1024 bytes, (size_t)-1 would work for infinite */
	input = i_stream_create_file(0, default_pool, 1024, FALSE);
	do {
		if ((ret = i_stream_read(input)) < 0)
			break;

		name = i_stream_next_line(input);
	} while (name == NULL);

	if (name != NULL)
		printf("Hello %s\n", name);
	else {
		if (ret == -2)
			printf("Your name is too long\n");
		else
			printf("EOF\n");
	}

	i_stream_unref(input);
	lib_deinit();
	return 0;
}

Next message: Sandeep Giri: "Security Auditing Report Conventions and Standards"
Previous message: Timo Sirainen: "Re: safe strcpy()?"
In reply to: mlhat_private: "Re: safe strcpy()?"
Next in thread: Crispin Cowan: "Re: safe strcpy()?"
Next in thread: Brandon Erhart: "Re: safe strcpy()?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 13:04:24 PST