| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: pauls at utdallas.edu (Schmehl, Paul L) Subject: Off topic programming thread > -----Original Message----- > From: Brett Hutley [mailto:brett@...ley.net] > Sent: Wednesday, October 29, 2003 12:13 AM > To: Bill Royds > Cc: madsaxon; full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Off topic programming thread > > I think what you're really saying is that C allows > programmers to make > mistakes when dealing with areas of memory. The above > vulnerability is > based on a mistake in the code. > (If I was to code the above prototype BTW, I'd probably make it more > like "static void defang(const char *str, char *dfstr, > unsigned dfsize)" > to indicate to programmers calling the function that the first > argument's contents is immutable, the second argument is the > destination > buffer, and the size shouldn't be negative). > Yes! This is precisely what I am talking about. If programmers wrote code like this, then they'd be perfectly justified, for example, to simply return an error if dfsize was negative. After all, you were warned. :-) It would be trivial to check for proper input there and simply return an error if it's wrong. So why isn't this the norm rather than the exception? Or is it the norm? Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
Powered by blists - more mailing lists