[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1

From: Tom Lord
Subject: Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1
Date: Sun, 18 Apr 2004 07:47:51 -0700 (PDT)

    > From: Miles Bader <address@hidden>

    > On Sun, Apr 18, 2004 at 10:56:35AM +0200, Matthieu Moy wrote:
    > >  * characters are written.  This function stores up to `n+1' characters:
    > >  * up to `n' non-0 characters from `from', plus a final 0. 

    > I think that's a dangerous interface: as it stores up to `n + 1' 
    > it requires the user to worry about subtracting one from their buffer 
    > Sometimes they will forget to do this and just pass in `sizeof buf' or
    > something.

    > It would be  better to copy only `n - 1' real characters in the case of an
    > overflow, so that the final `\0' makes `n'.

That just shifts around the bugs and resulting exploits.  There is no
such thing as safe, easy-to-use, non-allocating string-algebra
primitives.  That's one reason why higher-level string types are being
added to hackerlab.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]