Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: NCSA httpd 1.3Dan Thorson (Dan_Thorsonnotes.seagate.com)
24 Feb 95 8:31:02 EDT
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Jonathan Stott: "Re: NCSA httpd 1.3"
- Previous message: Ben Taylor: "Re: snooper watchers"
- Maybe in reply to: Kevin at Paranoia: "NCSA httpd 1.3"
- Next in thread: Jonathan Stott: "Re: NCSA httpd 1.3"
I've been thinking about many of the latest security holes, specifically those having to do with overrunning char strings. We know one rule: Never use sprintf(dest, fmt, ...), strcpy(dest, src), etc, as they do no checking on the max length of "dest" However, perhaps another rule: Avoid using strncat(dest, src, n) or strncpy(dest, src, n), etc, as they _also_ do no checking on the max length of "dest", although 'n' can be properly calculated & make them safe. Perhaps, instead, it's time to write a new series of string manipulators.... ones that do the following: 1) Behave similarly to the existing functions (like sprintf(), strncat(), strncpy(), but take an additional argument "destlen", which is (of course) the max length of the destination string. 2) Do the string-function, but if the "dest" string will be overrun, return an error code AND post to the syslog function. I could see a couple of advantages. o) We could "grep" all our mission-critical code for the "offensive" functions, and replace them. o) If anything shows up in the syslog(), it'd be due to either malicious behavior, or bad coding, either of which I know _I'd_ want to know about. This doesn't see like it'd be too hard. Anybody got the time? I'd think anyone writing code that'll live where badguys live would want to take the time. ANY suid program should use them. My opinion. Nobody else wants it. Dan Thorson (DT35) (612) 844-5738 dan_thorsonnotes.seagate.com postmasterseagate.com thorsonmr.net postmasternotes.seagate.com