OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Re: Secure coding in C (was Re: Administrivi

Re: Secure coding in C (was Re: Administrivia #4883)

Subject: Re: Secure coding in C (was Re: Administrivia #4883)
From: Bennett Todd (betRAHUL.NET)
Date: Fri Jan 14 2000 - 15:58:33 CST

2000-01-14-16:48:50 Marco Walther:
> BT> snprintf(c, len, "%s%s", a, b) > 0 || die "snprintf";
>
> You're dead! Use (*a == '\0' && *b == '\0') and snprintf() returns `0'!!

Thanks for the tip. I knew about, and ignored that possibility; in
this case the values I'm concatenating come from various sources,
some of which are guaranteed to be non-null, and the format string
actually includes some literal characters, not just a bunch of %s's.

I'm building up a maildir file name, actually. And I _know_ that
someone, someday, is going to use my program to pick a field out of
the header and directly use that as a folder name, so I better be
able to soak up hostile strings showing up:-).

And for whatever it's worth, I consider ``die("snprintf")'' to be a
healthy response to an otherwise-unchecked hostile string, at least
in this setting:-).

-Bennett

  • application/pgp-signature attachment: stored

This archive was generated by hypermail 2b27 : Fri Jan 14 2000 - 16:23:22 CST