"Secure coding" audit checkers and Kerberos
Ken Raeburn
raeburn at MIT.EDU
Wed Oct 15 16:39:07 EDT 2008
On Oct 15, 2008, at 15:57, Nicolas Williams wrote:
> On Wed, Oct 15, 2008 at 02:54:09PM -0400, Greg Hudson wrote:
>> Ulrich Drepper wrote, in one of his more tactful moments:
>>
>> Correct string handling means that you always know how long your
>> strings are and therefore you can use memcpy (instead of strcpy).
>
> I don't agree.
>
> With strl*() you need only know the destination buffer's size, and then
> check the strl*() result to see if truncation/overflow occurred. (As
> the manpage says:
I said before, I'd want to look at the actual code, but I believe a
lot of these cases are cases where we've just allocated the buffer, and
therefore have just worked out the lengths of the inputs and the size
of the output string. (Though in a bunch of such cases, I've already
replaced the code with calls to asprintf.) Perhaps Greg can
characterize the contexts of the code that some of the tools are
complaining about currently though; I don't know if you've been
looking in that much detail yet.
Ken
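To make the two positions in this thread concrete, here is an added C example (not code from the thread or from the krb5 tree): the strl*() return-value truncation check from the quoted reply, next to the memcpy-with-already-known-lengths pattern Ken describes. The names my_strlcpy, copy_checked and join_principal are my own, and my_strlcpy is a local stand-in for the BSD strlcpy() contract since not every libc ships it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Local implementation of the BSD strlcpy() contract (assumed here so the
 * example builds everywhere): copy at most dstsz-1 bytes, always
 * NUL-terminate when dstsz > 0, and return strlen(src) so the caller can
 * detect truncation by comparing the result against dstsz. */
static size_t my_strlcpy(char *dst, const char *src, size_t dstsz)
{
    size_t srclen = strlen(src);
    if (dstsz > 0) {
        size_t n = srclen < dstsz - 1 ? srclen : dstsz - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Pattern from the quoted reply: only the destination size is known up
 * front, and truncation is detected from the return value rather than
 * silently accepted. Returns true on a complete copy, false if the
 * source did not fit (the caller then treats that as an error). */
bool copy_checked(char *dst, size_t dstsz, const char *src)
{
    return my_strlcpy(dst, src, dstsz) < dstsz;
}

/* Pattern from Ken's reply: the buffer is allocated right here, so the
 * input lengths are already in hand and memcpy with explicit sizes is
 * exact by construction. Builds "name@REALM"; the caller frees the
 * result. Returns NULL on allocation failure or if the length sum would
 * overflow size_t. */
char *join_principal(const char *name, const char *realm)
{
    size_t nlen = strlen(name), rlen = strlen(realm);
    if (nlen > SIZE_MAX - rlen - 2)
        return NULL;
    char *out = malloc(nlen + 1 + rlen + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, name, nlen);
    out[nlen] = '@';
    memcpy(out + nlen + 1, realm, rlen);
    out[nlen + 1 + rlen] = '\0';
    return out;
}
```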