Re: safe strcpy()?

From: Timo Sirainen (tssat_private)
Date: Tue Jan 28 2003 - 20:05:22 PST


    On Wed, 2003-01-29 at 05:12, mlhat_private wrote:
    > Indeed.  What we want is a language compatible with
    > C but with string handling as a standard part -- luckily
    > there is such a beast -- C++ !
    
    I don't see that much need for C++ once you've gathered yourself a nice
    set of library functions that allow you to easily do anything you
    (usually) want. Comparing libc-only code against anything is pretty
    pointless; it's always uglier and more difficult, but luckily you don't
    have to limit yourself to it.
    
    And I'm not saying that you couldn't write better or at least prettier
    code with C++, but I think most of the C++ praising is simply about how
    much better libstdc++ is than libc. The only thing from C++ that I'd
    actually like to see in C is classes; they're a bit kludgy to implement
    with structs.
    
    > 		int max = 20;
    ..
    > 			if (i==max-1) { // buffer full
    > 				max = max+max;
    > 				name = (char*)realloc(name,max) ; // get a new and larger buffer
    > 				if (name == 0) quit() ;
    > 			}
    
    Looks like an exploitable integer overflow there on 64-bit systems.
    
    > 	int main()
    > 	{
    > 		using namespace std; // gain access to standard library
    > 		cout << "Please enter your first name:\n";
    > 		string name;
    > 		cin >> name;
    > 		cout << "Hello " << name << "\n";
    > 	}
    
    How much data can you write into name? Can you set a limit? Is there a
    default limit? How do you check if the limit was reached and result had
    to be truncated? What would the code look like with such checks? For
    such a simple example it might not matter, but it would for any real
    code.
    
    For comparison, here's how the above would be done with my library, with
    full error checking. It may not be as pretty as you could get it with
    C++, but I wouldn't say it's bad either.
    
    #include <stdio.h>
    #include "lib.h"
    #include "istream.h"
    
    int main(void) {
    	struct istream *input;
    	char *name = NULL;
    	ssize_t ret;
    
    	lib_init();
    	printf("Please enter your first name:\n");
    
    	/* read max. 1024 bytes, (size_t)-1 would work for infinite */
    	input = i_stream_create_file(0, default_pool, 1024, FALSE);
    	do {
    		/* negative return: EOF/error, or -2 when the 1024 byte
    		   limit was hit without seeing a newline */
    		if ((ret = i_stream_read(input)) < 0)
    			break;

    		/* NULL until a complete line is buffered */
    		name = i_stream_next_line(input);
    	} while (name == NULL);

    	if (name != NULL)
    		printf("Hello %s\n", name);
    	else {
    		if (ret == -2)
    			printf("Your name is too long\n");
    		else
    			printf("EOF\n");
    	}
    
    	i_stream_unref(input);
    	lib_deinit();
    	return 0;
    }
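
As an added example (not from the original post, and not Timo's library or any real project's code), here is a plain-C answer to both halves of the discussion above: the `max = max+max` growth loop from the quoted C++ snippet, rewritten so the buffer cannot overflow its size arithmetic, and the "is there a limit, and how do I know it was hit?" questions, answered by an explicit status value that distinguishes a complete line, EOF, and truncation. The names `read_line_bounded`, `mem_src`, `mem_getc` and `file_getc` are assumptions chosen for this example; the byte-source callback exists only so the same reader can run over stdin or over a constructed in-memory buffer.

```c
/* Added example, not code from the original post or from Timo's library.
 * A bounded line reader: grows its buffer by doubling, but caps growth at
 * max_len + 1 and checks against SIZE_MAX, so the size arithmetic cannot
 * overflow, and reports truncation instead of silently losing data. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum line_status {
    LINE_OK = 0,    /* complete line in *out (newline stripped) */
    LINE_EOF,       /* no bytes before EOF; *out is NULL */
    LINE_TOO_LONG,  /* line exceeded max_len; *out holds the first max_len bytes */
    LINE_NOMEM      /* allocation failed or max_len unusable; *out is NULL */
};

/* Byte source abstraction (assumed name): returns next byte or EOF. */
typedef int (*getc_fn)(void *ctx);

/* Constructed in-memory source used for the tests below. */
struct mem_src { const char *data; size_t len; size_t pos; };

static struct mem_src mem_src_init(const char *s) {
    struct mem_src m = { s, strlen(s), 0 };
    return m;
}

static int mem_getc(void *ctx) {
    struct mem_src *m = ctx;
    return m->pos < m->len ? (unsigned char)m->data[m->pos++] : EOF;
}

static int file_getc(void *ctx) { return fgetc((FILE *)ctx); }

/* Read one line of at most max_len bytes (excluding the NUL). On
 * LINE_TOO_LONG the remainder of the line is drained so the next call
 * starts on a fresh line rather than on the tail of the oversized one.
 * The caller frees *out when it is non-NULL. */
enum line_status read_line_bounded(getc_fn next, void *ctx,
                                   size_t max_len, char **out) {
    size_t cap = 16, len = 0;
    char *buf;
    int c;

    *out = NULL;
    if (max_len == SIZE_MAX)        /* no room for the terminating NUL */
        return LINE_NOMEM;
    if (cap > max_len + 1)
        cap = max_len + 1;
    buf = malloc(cap);
    if (buf == NULL)
        return LINE_NOMEM;

    while ((c = next(ctx)) != EOF && c != '\n') {
        if (len == max_len) {
            /* Limit reached: discard the rest of this line, keep the prefix. */
            while ((c = next(ctx)) != EOF && c != '\n')
                ;
            buf[len] = '\0';
            *out = buf;
            return LINE_TOO_LONG;
        }
        if (len + 2 > cap) {        /* need room for this byte and the NUL */
            size_t ncap = cap > SIZE_MAX / 2 ? SIZE_MAX : cap * 2;
            char *nbuf;
            if (ncap > max_len + 1)
                ncap = max_len + 1; /* never allocate past the limit */
            nbuf = realloc(buf, ncap);
            if (nbuf == NULL) {
                free(buf);
                return LINE_NOMEM;
            }
            buf = nbuf;
            cap = ncap;
        }
        buf[len++] = (char)c;
    }

    if (c == EOF && len == 0) {
        free(buf);
        return LINE_EOF;
    }
    buf[len] = '\0';
    *out = buf;
    return LINE_OK;
}

int main(void) {
    char *name;
    enum line_status st;

    printf("Please enter your first name:\n");
    st = read_line_bounded(file_getc, stdin, 1024, &name);
    if (st == LINE_OK)
        printf("Hello %s\n", name);
    else if (st == LINE_TOO_LONG)
        printf("Your name is too long\n");
    else if (st == LINE_EOF)
        printf("EOF\n");
    else
        printf("out of memory\n");
    free(name);
    return 0;
}
```

The two checks that matter are `len == max_len` (the limit is a hard cap on bytes kept, and hitting it is reported to the caller rather than hidden) and the `ncap` computation, which is bounded by both `SIZE_MAX / 2` and `max_len + 1`, so neither doubling nor the realloc size can wrap no matter how large the input is. A line of exactly `max_len` bytes followed by a newline is still `LINE_OK`; it is the first byte past the limit that turns the result into `LINE_TOO_LONG`.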
    



    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 13:04:24 PST