OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Vuln-Dev Archives: Re: Secure coding in C (was Re: Administrivi

Re: Secure coding in C (was Re: Administrivia #4883)

Subject: Re: Secure coding in C (was Re: Administrivia #4883)
From: Iván Arce (core.lists.exploit-devCORE-SDI.COM)
Date: Fri Jan 14 2000 - 16:24:01 CST

Bennett Todd wrote:

> For a specific case, is there any security hole directly implied by
> this C fragment, assuming attackers could control the contents of a
> and b?
>
> char *a = something();
> char *b = something_else();
> int len = strlen(a) + strlen(b);

just being picky but what about ...
uint len = strlen(a) + strlen(b);

>
> char *c = malloc(len + 1) || die("malloc");
> (void) strcat(strcpy(c, a), b);
>
> BTW, what I ended up coding instead of that last line (as it grew
> way more complex) was equivalent to:
>
> snprintf(c, len, "%s%s", a, b) > 0 || die "snprintf";
>
> -Bennett 

--
"Understanding. A cerebral secretion that enables one having it to know
 a house from a horse by the roof on the house,
 It's nature and laws have been exhaustively expounded by Locke,
 who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A
email   : iarcecore-sdi.com
http://www.core-sdi.com
Pte. Juan D. Peron 315 Piso 4 UF 17
1038 Capital Federal
Buenos Aires, Argentina.              Tel/Fax : +(54-11) 4331-5402
Casilla de Correos 877 (1000) Correo Central
=====================================================================

--- For a personal reply use iarcecore-sdi.com

This archive was generated by hypermail 2b27 : Sun Jan 16 2000 - 00:07:52 CST