| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200703160220.07136.ismail@pardus.org.tr> Date: Fri, 16 Mar 2007 02:20:06 +0200 From: Ismail Dönmez <ismail@...dus.org.tr> To: metaur@...ia.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability On Friday 16 March 2007 00:00:23 Ulf Harnhammar wrote: > > Using strncpy is just strcpy + strlen > > anyway it can't have a big speed impact or anything. > > That's not really true. If you check the Linux manpage for strncpy(3), > it says: > > char *strncpy(char *dest, const char *src, size_t n); > [blah] > In the case where the length of src is less than that of n, the > remain- der of dest will be padded with null bytes. > > "The C Programming Language" agrees: > > "Pad with '\0's if t has fewer than n characters." Argh I forgot about the NULL padding, you are correct. > Thus, replacing strcpy(3) calls with strncpy(3) can have definite > impacts on performance. But the question is how big impact? Its a security/speed trade-off. Regards. -- Happiness in intelligent people is the rarest thing I know. (Ernest Hemingway) Ismail Donmez ismail (at) pardus.org.tr GPG Fingerprint: 7ACD 5836 7827 5598 D721 DF0D 1A9D 257A 5B88 F54C Pardus Linux / KDE developer _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists