RE: safe strcpy()?

From: Michael Howard (mikehowat_private)
Date: Wed Jan 29 2003 - 13:06:41 PST

    The point I'm making is people seem to think they can write crap code,
    then blindly replace the calls to strcpy with strncpy and all of a sudden
    their code is safe. It's not! You MUST validate the untrusted data. Oh,
    and while you're at it - use 'safer' functions and compile with a
    stack-smashing detection capability such as VC++'s -GS or Crispin's
    StackGuard. 
    
    Then run tools over the code that model data flow through the app - just
    in case you missed something...
    
    And finally, have someone that understands this stuff review your code -
    just in case you missed something...
    
    Just a small data item: whenever I ask a bunch of developers whether you
    should accommodate for the trailing '\0' when determining the buffer
    size in a call to strncpy or strncat, 50% say YES, and 50% say NO...
    That means 50% are WRONG!! That's how buffer overruns occur...
    
    A stupid developer using 'safe' functions will produce stupid code!!
    There's no replacement for education, discipline and skill I'm afraid. 
    
    Cheers, Michael
    Secure Windows Initiative
    Writing Secure Code 2nd Edition
    http://www.microsoft.com/mspress/books/5957.asp
    
    
    -----Original Message-----
    From: Hall, Philip [mailto:phallat_private] 
    Sent: Tuesday, January 28, 2003 8:01 PM
    To: secprogat_private
    
    > Of course, the real way to build secure software is not to use "safe" 
    > functions, but to check data validity :-)
    
    Hang on, that sounds akin to not having locks (safe functions) on your
    front door, but posting a guard (data validation) at the end of your
    drive way...hmmmmm I think I'll stick to my eXtreme Defensive
    Programming (XDP) and be paranoid about everything...unless you meant
    that by *adding* the data validity to the 'safe' functions to beef them
    up...?
    
    --phil
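The 50/50 question above (do you leave room for the trailing '\0' or not?) is easier to settle in code than in a show of hands. What follows is an added example, not code from the message, from Writing Secure Code or from either poster. It uses a constructed rig: a logical 8-byte destination buffer followed by 16 guard bytes that stand in for whatever sits after the buffer on the stack or heap, so every write past the buffer is counted instead of silently corrupting something. The four `strncpy_*`/`strncat_*` functions and the input strings are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed rig (not from the message): the logical destination is DST
 * bytes; the GUARD bytes behind it model adjacent memory. Any write into
 * them is the overrun we want to observe rather than suffer. */
#define DST        8
#define GUARD      16
#define GUARD_BYTE 0xA5

struct region { char bytes[DST + GUARD]; };

struct result {
    bool   terminated;  /* does the DST-byte buffer contain a NUL?    */
    size_t overrun;     /* how many guard bytes did the call clobber? */
};

static void region_init(struct region *r)
{
    memset(r->bytes, GUARD_BYTE, sizeof r->bytes);
}

static struct result check(const struct region *r)
{
    struct result res = { memchr(r->bytes, '\0', DST) != NULL, 0 };
    for (size_t i = DST; i < sizeof r->bytes; i++)
        if ((unsigned char)r->bytes[i] != GUARD_BYTE)
            res.overrun++;
    return res;
}

/* Wrong: n == sizeof(dst). Nothing is overrun, but if strlen(src) >= DST
 * strncpy writes no NUL at all, so the buffer is not a C string and the
 * next strlen()/printf("%s") on it reads straight through the guard. */
struct result strncpy_wrong(const char *src)
{
    struct region r; region_init(&r);
    strncpy(r.bytes, src, DST);
    return check(&r);
}

/* Right: reserve one byte for the NUL and terminate unconditionally.
 * Note this truncates silently; whether truncation is acceptable is the
 * validation question the message says you cannot skip. */
struct result strncpy_right(const char *src)
{
    struct region r; region_init(&r);
    strncpy(r.bytes, src, DST - 1);
    r.bytes[DST - 1] = '\0';
    return check(&r);
}

/* Wrong: strncat's n is the number of characters to APPEND, not the size
 * of dst. With a 5-byte prefix and n == DST it writes 5 + 8 + 1 bytes.
 * (Caller guarantees strlen(prefix) < DST for the strcpy.) */
struct result strncat_wrong(const char *prefix, const char *src)
{
    struct region r; region_init(&r);
    strcpy(r.bytes, prefix);
    strncat(r.bytes, src, DST);
    return check(&r);
}

/* Also wrong, and exactly the 50/50 question: n = remaining bytes, but
 * strncat always appends a NUL after those n characters. Off by one. */
struct result strncat_off_by_one(const char *prefix, const char *src)
{
    struct region r; region_init(&r);
    strcpy(r.bytes, prefix);
    strncat(r.bytes, src, DST - strlen(r.bytes));
    return check(&r);
}

/* Right: n = remaining bytes minus one for the NUL strncat will add. */
struct result strncat_right(const char *prefix, const char *src)
{
    struct region r; region_init(&r);
    strcpy(r.bytes, prefix);
    strncat(r.bytes, src, DST - strlen(r.bytes) - 1);
    return check(&r);
}

int main(void)
{
    const char *in = "AAAAAAAAAAAA";   /* constructed: 12 bytes, longer than DST */
    struct result r;

    r = strncpy_wrong(in);
    printf("strncpy n=sizeof dst     : terminated=%d overrun=%zu\n", r.terminated, r.overrun);
    r = strncpy_right(in);
    printf("strncpy n=sizeof dst - 1 : terminated=%d overrun=%zu\n", r.terminated, r.overrun);
    r = strncat_wrong("user=", in);
    printf("strncat n=sizeof dst     : terminated=%d overrun=%zu\n", r.terminated, r.overrun);
    r = strncat_off_by_one("user=", in);
    printf("strncat n=remaining      : terminated=%d overrun=%zu\n", r.terminated, r.overrun);
    r = strncat_right("user=", in);
    printf("strncat n=remaining - 1  : terminated=%d overrun=%zu\n", r.terminated, r.overrun);
    return 0;
}
```

Three of the five calls are "safe" functions used wrongly, and each fails differently: `strncpy` with the full size leaves an unterminated buffer, `strncat` with the full size walks six bytes past the end, and `strncat` with "remaining" but no room for the NUL is the classic one-byte overrun. The two correct versions still only get you truncation, which is why the message insists on validating the untrusted input in the first place and on a stack-smashing detector and data-flow tools as the backstop.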
    



    This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 13:27:43 PST