On Wed, Mar 12, 2014 at 07:36:24PM -0700, Claus Assmann wrote:
> On Thu, Mar 13, 2014, Moritz Barsnick wrote:
> 
> > "Release early, release often." ;-)
> > (Less than six months this time, instead of three years.)
> 
> Thanks to a buffer overflow...
> 
> It would have been much better if that didn't happen.
> Hmm, maybe it's finally time to get rid of strcat(), strcpy(), etc?

Consider the following short program:

#include <string.h>
#include <stdio.h>
int main(int argc, char **argv)
{
    char a[3] = "abc";
    char b[] = "fooliciouslylongstringamabob";
    char c[] = "foo";
    int s,t,max;

    /* Compare the full string, i.e. whichever is larger */
    s = strlen(a);
    t = strlen(b);
    max = s >= t ? s : t;
    if (!strncmp(a, b, max)) printf("a (%s) and b (%s) are equal\n", a, b);
    else printf("a (%s) and b (%s) are not equal\n", a, b);

    /* Compare the minimum, so we don't overrun */
    s = strlen(c);
    t = strlen(b);
    max = s <= t ? s : t;
    if (!strncmp(c, b, max)) printf("c (%s) and b (%s) are equal\n", c, b);
    else printf("c (%s) and b (%s) are not equal\n", c, b);

    return 0;
}


This program makes use of only "safe" string functions, yet it has two
problems, including a buffer overrun, due to a programming error in
the initialization of a, and an incorrect result due to an incorrect
attempt to skirt a fundamental problem with the way that strings work
in C.  It may or may not crash, depending on your architecture and how
the bits of memory happen to be aligned on your machine.

Any function that deals with memory manipulation (virtually all of
them) can be dangerous if you use it wrong.  If you look at the code
where the "non-safe" functions are used, you'll see that in general
care is taken to make sure there is an accounting of bounds.
Unfortunately, sometimes when old code is updated, the maintainer
forgets to re-check that everything is copacetic.  This can still
happen with the "safe" versions of all these functions too.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
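
Added example, not part of the original message: one way to do the comparison the program above attempts, passing each buffer's size alongside it so a missing terminator is reported instead of read past, and comparing lengths before contents so a prefix is never reported as equal. The helper names bounded_len and bounded_equal are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: find the string length without reading more than
 * cap bytes. Returns 0 and sets *len on success, -1 if no '\0' in range. */
static int bounded_len(const char *buf, size_t cap, size_t *len)
{
    const char *nul = memchr(buf, '\0', cap);
    if (nul == NULL)
        return -1;
    *len = (size_t)(nul - buf);
    return 0;
}

/* Hypothetical helper: 1 if the strings are equal, 0 if they differ,
 * -1 if either buffer holds no terminator within its size. */
static int bounded_equal(const char *x, size_t xcap,
                         const char *y, size_t ycap)
{
    size_t xl, yl;
    if (bounded_len(x, xcap, &xl) != 0 || bounded_len(y, ycap, &yl) != 0)
        return -1;
    /* Unequal lengths mean unequal strings, so "foo" never matches
     * "foolicious..." the way a min-length strncmp() does. */
    return xl == yl && memcmp(x, y, xl) == 0;
}

int main(void)
{
    /* Same bytes as a[] in the message: three characters, no '\0'. */
    char a[3] = { 'a', 'b', 'c' };
    char b[] = "fooliciouslylongstringamabob";
    char c[] = "foo";

    printf("a vs b: %d\n", bounded_equal(a, sizeof a, b, sizeof b));
    printf("c vs b: %d\n", bounded_equal(c, sizeof c, b, sizeof b));
    printf("c vs c: %d\n", bounded_equal(c, sizeof c, c, sizeof c));
    return 0;
}
```

The size arguments still have to be right: sizeof works here only because the arrays are in scope, and a wrong size passed by the caller defeats the check just as a wrong bound defeats strncmp().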
