httpd-dev mailing list archives

From Paul Richards <p.richa...@elsevier.co.uk>
Subject Re: Possible security problem in referer_log_transaction... ? (fwd)
Date Mon, 18 Dec 1995 21:43:01 GMT
In reply to Ben Laurie who said
> 
> Well, yes, I fear the man is right. We should probably ban all use of functions
> which don't check length. This is likely to be quite a hard task, but vital for
> security.

I don't think that's either practical or the correct solution. snprintf
provides a mirage of security for sloppy programmers when the real solution
is to do the job properly in the first place. Here is an example of how
"unsafe" snprintf can be if you don't understand why you're using it in
the first place:

void
callme(char *str)
{
	char buf[10];

	/* buf is only 10 bytes, but the bound passed is 20, so this
	   "safe" call can still write past the end of buf */
	snprintf(buf, 20, "%s", str);
}

So the point is to educate programmers of the dangers in the first place, or
they can just as easily screw up even with a "safer" routine.

Good design is what's called for...

If you do the job properly then sprintf is just as safe, and that bit
quicker, since you should know the bounds of *str anyway or you'll risk
a segv from writing off the end of malloc'd memory; so why add the overhead
of an additional check in the snprintf call? Also, I'd be wary of having
a library call arbitrarily truncate a string I pass to it. Personally, I'd
want to find out if I exceed any bounds myself, so I can code in mechanisms
to deal with the situation rather than have something unexpected happen
when a string is truncated without me realising.

-- 
  Paul Richards. Originative Solutions Ltd.
  Internet: paul@netcraft.co.uk, http://www.netcraft.co.uk
  Phone: 0370 462071 (Mobile), +44 1225 447500 (work)
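The callme() misuse from the message above, rewritten the way the thread argues it should be (example code added here, not part of the original post or of the Apache source): the bound is taken from the array itself with sizeof, and the return value of snprintf is checked so the caller finds out that the input did not fit instead of getting a silent truncation. The helper name copy_checked is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Copy str into buf (bufsize bytes) and report whether it fit.
 * snprintf returns the number of characters the full output needs,
 * excluding the NUL, so a result >= bufsize means truncation happened.
 * Returns 1 if the whole string was copied, 0 if it was truncated
 * (buf then holds the prefix) or on an encoding error (buf emptied). */
static int copy_checked(char *buf, size_t bufsize, const char *str)
{
    if (bufsize == 0)
        return 0;
    int n = snprintf(buf, bufsize, "%s", str);
    if (n < 0) {            /* encoding error: leave a valid empty string */
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n < bufsize;
}

/* The message's callme(), corrected: sizeof buf is the only bound that
 * describes the array, and the caller learns when str was too long.
 * Returns the length copied, or -1 when the input did not fit. */
int callme(const char *str)
{
    char buf[10];

    if (!copy_checked(buf, sizeof buf, str)) {
        /* handle the oversize input here instead of proceeding blindly */
        return -1;
    }
    return (int)strlen(buf);
}

int main(void)
{
    /* constructed inputs: 9 chars fit in 10 bytes, 10 chars do not */
    printf("%d\n", callme("123456789"));   /* 9 */
    printf("%d\n", callme("1234567890"));  /* -1 */
    return 0;
}
```

Note that sizeof only works on the array in the scope where it is declared; once buf decays to a char * inside another function, the size must be passed alongside it, which is exactly where a wrong constant like the 20 above creeps in.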
