On Wed, 29 Jan 2003, Daniel Reed wrote:

> Replacing strcpy()'s with strncpy()'s will not solve all problems,
> and may in fact introduce new ones. In the above example, strncpy() did not
> itself cause a problem, but its ignorant usage led to a misbehaviour.

Replacing strcpy() with strncpy() does NOTHING to fix the destination
overflow problem, which is a train wreck waiting to happen.

> Using manipulation routines that ensure the string is large enough
> to "hold" everything can lead to its own problems. A quick example: reading
> data from the network; all someone need do is feed your service a constant
> stream of characters, eventually the program will fill all available memory
> trying to store the string. Again, it would be a programmer ignorantly
> feeding a network socket directly into a string (as I've seen provided in
> examples on this very list). However, in all of these cases, programmer
> failure seems to be a common thread. There is no intrinsic flaw in the
> methods or implementations they are using.

The way to fix this is to just ignore everything that comes in when your
buffer is full. Closing the socket is a rather effective, if rude<g> way
to let the other side know it's sending you too much!

--
Ed Carp, N7EKG http://www.pobox.com/~erc 214/986-5870
Licensed Texas Peace Officer
Computer Crime Investigation Consultant
Director, Software Development
Escapade Server-Side Scripting Engine Development Team
http://www.squishedmosquito.com
Microsoft Front Page - the official HTML editor of Al Qaeda
Microsoft Hotmail - the official email of Al Qaeda
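The two pitfalls raised in this exchange, shown side by side in an added C example that is not part of the original message or of any code either poster referenced. The first function shows the strncpy() misuse Daniel Reed describes: strncpy(dst, src, sizeof dst) bounds the write but leaves dst with no terminating NUL when the source is at least as long as the destination, so a later strlen() or printf() walks off the end. safe_copy() is the bounded-and-always-terminated alternative. The second half shows Ed Carp's rule for the network case: a line reader with a hard cap that stops the moment the buffer is full and reports it, so the caller can close the socket instead of growing a string forever. The "socket" is a stand-in that serves bytes from a constructed in-memory stream (an assumption so the code runs offline); fake_sock, fake_read and the demo_* helpers are hypothetical names introduced here.

```c
#include <stdio.h>
#include <string.h>

/* strncpy(dst, src, dst_size) bounds the write but adds no NUL when
 * strlen(src) >= dst_size. Returns 1 if dst was left unterminated,
 * 0 if it was terminated, -1 if dst_size is out of range. */
int strncpy_leaves_unterminated(const char *src, size_t dst_size)
{
    char dst[64];
    if (dst_size == 0 || dst_size > sizeof dst) return -1;
    memset(dst, 'X', sizeof dst);    /* poison so a missing NUL is visible */
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) == NULL;
}

/* Bounded copy that always terminates and reports truncation:
 * 0 = copied whole, 1 = truncated, -1 = unusable destination. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0) return -1;
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Exercises safe_copy() on an 8-byte destination; returns 1 on success. */
int demo_safe_copy(void)
{
    char d[8];
    int ok = 1;
    ok &= safe_copy(d, sizeof d, "hello world") == 1 && strcmp(d, "hello w") == 0;
    ok &= safe_copy(d, sizeof d, "hi") == 0 && strcmp(d, "hi") == 0;
    return ok;
}

/* Stand-in for read(2) on a socket (assumption: serves bytes from an
 * in-memory stream so the example runs offline). */
struct fake_sock { const unsigned char *data; size_t len, pos; };

static long fake_read(struct fake_sock *s, void *buf, size_t n)
{
    size_t avail = s->len - s->pos;
    if (avail == 0) return 0;
    if (n > avail) n = avail;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (long)n;
}

/* Read one '\n'-terminated line into buf[buf_size], storing at most
 * buf_size-1 bytes. If the buffer fills before the line ends, stop and
 * return -1 so the caller can close the socket rather than store an
 * unbounded stream. Otherwise returns the number of bytes stored. */
long read_line_bounded(struct fake_sock *s, char *buf, size_t buf_size)
{
    size_t n = 0;
    unsigned char c;
    if (buf_size == 0) return -1;
    while (fake_read(s, &c, 1) == 1) {
        if (c == '\n') { buf[n] = '\0'; return (long)n; }
        if (n + 1 >= buf_size) { buf[n] = '\0'; return -1; }  /* too long: reject */
        buf[n++] = (char)c;
    }
    buf[n] = '\0';               /* EOF without newline: return what we have */
    return (long)n;
}

/* Constructed stream: one sane request line, then a flood of 'A' bytes.
 * Returns 1 if the sane line is read and the flood is rejected early. */
int demo_bounded_read(void)
{
    static unsigned char stream[6 + 512];
    struct fake_sock s = { stream, sizeof stream, 0 };
    char line[16];
    memcpy(stream, "GET /\n", 6);
    memset(stream + 6, 'A', 512);
    if (read_line_bounded(&s, line, sizeof line) != 5 || strcmp(line, "GET /") != 0) return 0;
    if (read_line_bounded(&s, line, sizeof line) != -1) return 0;  /* flood rejected */
    return s.pos <= 6 + sizeof line;      /* and we stopped reading right away */
}

int main(void)
{
    printf("strncpy left 10 chars into 10 bytes unterminated: %d\n",
           strncpy_leaves_unterminated("0123456789", 10));
    printf("safe_copy demo ok: %d\n", demo_safe_copy());
    printf("bounded read demo ok: %d\n", demo_bounded_read());
    return 0;
}
```

The reader deliberately does not drain the rest of the over-long line: draining would itself loop for as long as the peer keeps sending, which is the same unbounded-input problem in another form. Returning -1 and letting the caller close the connection is the cheap way out.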
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 09:39:47 PST