Re: No need for AV tools on Linux, eh?



On 02/14/2011 11:23 AM, Joe Zeff wrote:
> On 02/14/2011 10:03 AM, James Mckenzie wrote:
>> I've found very obvious buffer overflow conditions and failures to enforce changes of variable types in publicly available code bases.
>
> It's been years since I did any C programming, and my memory of it is
> dusty (as Ziva David once phrased it) but I do remember that there are
> two, very similar functions for copying strings. One copies as many
> bytes as you give it, the other copies only as many as you specify if
> there are "too many" given. Just using the second instead of the first
> would prevent most of the easier buffer overflow exploits, if not all.
> By now, I'd think that would be automatic, but then, I'm not a
> programmer any more.

You're talking about "strcpy()" (copy until you see the NULL) and
"strncpy()" (copy until you see the NULL, but no more than N bytes).
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, C2 Hosting ricks@xxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- If you're not part of the solution, you're part of the precipitate -
----------------------------------------------------------------------
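
Added example, not part of the original post: the two functions named in the reply, run against a constructed over-long input, showing that `strncpy()` bounds the write but leaves the destination without a terminator when the source does not fit. The helpers `is_terminated`, `copy_strncpy_only` and `copy_bounded` are hypothetical names introduced here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if dst[0..dstsize-1] contains a terminating '\0', else 0. */
int is_terminated(const char *dst, size_t dstsize)
{
    return memchr(dst, '\0', dstsize) != NULL;
}

/* Plain strncpy(): never writes past dstsize, but when strlen(src) >= dstsize
 * it copies exactly dstsize bytes and adds no terminator. */
int copy_strncpy_only(char *dst, size_t dstsize, const char *src)
{
    strncpy(dst, src, dstsize);
    return is_terminated(dst, dstsize);
}

/* Hypothetical helper: bounded copy that always terminates and reports
 * truncation. Returns 0 on a full copy, -1 if truncated or dstsize is 0. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n;

    if (dstsize == 0)
        return -1;
    n = strlen(src);
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;              /* caller decides whether truncation is acceptable */
    }
    memcpy(dst, src, n + 1);    /* n + 1 includes the terminator */
    return 0;
}

int main(void)
{
    char buf[8];
    const char *input = "constructed-sample-input"; /* constructed test value */
    int rc;

    memset(buf, 'X', sizeof buf);
    printf("strncpy left a terminator: %d\n",
           copy_strncpy_only(buf, sizeof buf, input));
    rc = copy_bounded(buf, sizeof buf, input);
    printf("copy_bounded rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

A later `strlen()` or `printf("%s")` on the unterminated buffer reads past its end, so bounded copies need the explicit terminator and a truncation check.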