Secure coding in C (was Re: Administrivia #4883)
Subject: Secure coding in C (was Re: Administrivia #4883)
From: Bennett Todd (bet at RAHUL.NET)
Date: Fri Jan 14 2000 - 15:08:41 CST
- Next message: Bennett Todd: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Previous message: nascheme at ENME.UCALGARY.CA: "Re: Administrivia #4883"
- In reply to: nascheme at ENME.UCALGARY.CA: "Re: Administrivia #4883"
- Next in thread: Marco Walther: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Next in thread: Bennett Todd: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Reply: Bennett Todd: "Secure coding in C (was Re: Administrivia #4883)"
- Reply: Marco Walther: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Reply: Iván Arce: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Reply: kay: "Re: Secure coding in C (was Re: Administrivia #4883)"
- Reply: Blue Boar: "Re: Secure coding in C (was Re: Administrivia #4883)"
2000-01-14-13:20:27 nascheme:
> ICQ is a disaster waiting to happen. There is strcat and strcpy
> all over the place last time I looked at it. I didn't have time
> to develop an exploit though.
NB: I don't mean here to imply that ICQ is secure :-).
I don't think strcat and strcpy necessarily imply exploits, of
themselves; by one of these creepy coincidences I'm doing some
security-critical programming right now[*], and for the modest
amount of string processing needed I started off using them,
suitably protected by preceding checks with strlen(). I ended up
changing to using snprintf into a buffer sized by computing the
needed length using strlen, but that was just because it ended up
being much simpler as the string manipulations got more complex.
For a specific case, is there any security hole directly implied by
this C fragment, assuming attackers could control the contents of a
and b?
    char *a = something();
    char *b = something_else();
    size_t len = strlen(a) + strlen(b);   /* total length, without NUL */
    char *c = malloc(len + 1);            /* +1 for the terminating NUL */
    if (c == NULL)
        die("malloc");
    (void) strcat(strcpy(c, a), b);
BTW, what I ended up coding instead of that last line (as it grew
way more complex) was equivalent to:
    /* the buffer is len + 1 bytes, so that is the size to pass */
    if (snprintf(c, len + 1, "%s%s", a, b) < 0)
        die("snprintf");
-Bennett
[*] I'm re-starting a project I tried previously, which died the
last time for lack of round tuits, a new email local delivery agent,
to compete with procmail, maildrop, mailagent, etc. If it gets
anywhere near fruition I'll send an announcement here of where to
find the code, as soon as it stabilizes enough to deserve a security
audit.
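The concatenation pattern the post asks about, written out as a complete function (an added example, not code from the original message): lengths are kept as size_t, the sum is checked for wrap-around before malloc, the buffer is allocated at len + 1, and snprintf is handed the full buffer size with its return value compared against the expected length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Concatenate a and b into a freshly malloc'd buffer.
 * Returns NULL on length overflow, allocation failure or an
 * unexpected snprintf result; the caller frees the result. */
char *concat2(const char *a, const char *b)
{
    size_t la = strlen(a);
    size_t lb = strlen(b);

    /* strlen(a) + strlen(b) + 1 must not wrap around: if it did,
     * malloc would hand back a tiny buffer and the copy would
     * run past its end.  Attacker-controlled inputs make this
     * check worth keeping even when it looks paranoid. */
    if (la > SIZE_MAX - 1 - lb)
        return NULL;
    size_t len = la + lb;

    char *c = malloc(len + 1);          /* both strings plus NUL */
    if (c == NULL)
        return NULL;

    /* The buffer holds len + 1 bytes, so pass len + 1: passing len
     * would make snprintf silently drop the last character. */
    int n = snprintf(c, len + 1, "%s%s", a, b);
    if (n < 0 || (size_t)n != len) {    /* error or truncation */
        free(c);
        return NULL;
    }
    return c;
}

int main(void)
{
    char *s = concat2("hello, ", "world");   /* constructed sample input */
    if (s == NULL)
        return 1;
    puts(s);
    free(s);
    return 0;
}
```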
This archive was generated by hypermail 2b27 : Fri Jan 14 2000 - 15:31:23 CST