Joel on Software has a new article with advice to college students: http://www.joelonsoftware.com/articles/CollegeAdvice.html A pretty good read. Regards, ...
Hello! The next, non-commercial, technological Security Forum will take place on Sunday, the 16th of January, 2005, at Tel Aviv University's Lev Auditorium. We...
without reading this, i can tell you that it has been proven that strncpy()/strncat() are error-prone and that programmers just can't figure out how to use...
Elad Efrat
elad@...
Jan 11, 2005 8:14 am
4141
... As commenters in the blog entry said, OpenBSD has had for some time a strlcpy() (and related functions) that act exactly the same as strncpy() except that...
... [Chen Shapira] I prefer the "if" version, because it is self documenting. When another programmer reads the code, he sees exactly the issue you had in mind...
... Not only that - it may not work correctly. And I found this the hard way (as a bug in Hspell): In glibc (at least), if you're in a UTF8 locale (e.g.,...
... I can be pedantic too: Most /certainly/ not. The parentheses are redundant as sizeof is an operator, not a function. I wouldn't "sizeof(dst)" just as I...
... Sounds like UTF8 introduces its own breakage and deserves its own care and attention. ... Yes. snprintf() is not standard and is often not available....
... Strange, the current printf manual page indeed agrees with you. And I could have sworn I saw the behavior I said... Perhaps what bothered me was that "don't...
again. for people like you (and the rest who offered some very creative 'solutions' to something which is definitely not a problem) there is strlcpy(). ...
Elad Efrat
elad@...
Jan 12, 2005 6:54 am
4149
Quoting Elad Efrat <elad@...>: You are so full of it. If you already know everything, why join this mailing list? ... strlcpy() is unavailable on...
... To dilute reprints of Joel Spolsky, I guess. [...] ... [...] ... Win32 actually does have snprintf. It is disguised in the form of another function, but after...
Where can I find documented guidelines to write secure C code? I.e. restrictive rules for writing in C that will minimize buffer overflows, etc... Regards, ...
There's a nice and long how-to here: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html Cheers, Aviv. ... -- Aviv Ben-Yosef aviv.by at gmail...
Aviv Ben-Yosef
aviv.by@...
Jan 12, 2005 12:22 pm
4153
... I would argue that safety of sizeofing variable directly depends on what are your policies on changing allocation class for your variables. For example, if...
... True... The alternative to that is not sizeofing the type, it is using a macro (although I often neglect to do that when the buffer is, e.g., on the stack,...
... Or in other words, sizeofing the object is more stable than sizeofing the type under "type change" refactoring. On the other hand, sizeofing the object is...
i find it funny that someone who's writing 'secure' code for a living has no clue about _snprintf() in win32. :) but then again - you're a hacker and i'm not. ...
Elad Efrat
elad@...
Jan 12, 2005 5:05 pm
4157
... It's interesting how a subconscious decision I made (to use sizeof without parentheses in my example) turned into a heated thread. People - both forms are...
nadav, i usually do a range-check before passing any length to malloc() and the likes to avoid any possible integer overflows with rather large sizes, at least...
Elad Efrat
elad@...
Jan 12, 2005 5:42 pm
4159
... The whole raison d'etre of the ALLOC macro I outlined in my previous post was to allow malloc to be replaced by something else - calloc(), ...
... I don't think I understand. How can type-sizeofing be relevant to memory allocation policy change? The only way you can confuse the two is when you need to...
i didn't say the use of *malloc* is insecure, but i just pointed out that *i* prefer to do a range-check *before* passing the allocation length to anything...
Elad Efrat
elad@...
Jan 12, 2005 6:13 pm
4162
... Adi wrote that this is basically a matter of style. If openbsd's conventions would prefer 'if(' to 'if (' or vice-versa would that be such a proof that one...
... Except that you don't need to cast malloc()'s return value in ANSI C, only in sub-standard (tartey-mashma) dialects such as K&R or C++. Not casting...
... An irrefutable argument. Congratulations. ... Down to business. Why keep the parentheses? Please feel free to give either stylistic or security-oriented...
sizeof was brought on a discussion as related, in some manner, to security and i believe was said (?) to be more secure when used without parentheses; that's...