On 02/14/2011 11:23 AM, Joe Zeff wrote: > On 02/14/2011 10:03 AM, James Mckenzie wrote: >> I've found very obvious buffer overflow conditions and failures to enforce changes of variable types in publically available code bases. > > It's been years since I did any C programming, and my memory of it is > dusty (as Ziva David once phrased it) but I do remember that there are > two, very similar functions for copying strings. One copies as many > bytes as you give it, the other copies only as many as you specify if > there are "too many" given. Just using the second instead of the first > would prevent most of the easier buffer overflow exploits, if not all. > By now, I'd think that would be automatic, but then, I'm not a > programmer any more. You're talking about "strcpy()" (copy until you see the NULL) and "strncpy()" (copy until you see the NULL, but no more than N bytes). ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, C2 Hosting ricks@xxxxxxxx - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - If you're not part of the solution, you're part of the precipitate - ---------------------------------------------------------------------- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
