Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1
From: Tom Lord
Subject: Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1
Date: Sun, 18 Apr 2004 07:47:51 -0700 (PDT)
> From: Miles Bader <address@hidden>
> On Sun, Apr 18, 2004 at 10:56:35AM +0200, Matthieu Moy wrote:
> > * characters are written. This function stores up to `n+1' characters:
> > * up to `n' non-0 characters from `from', plus a final 0.
> I think that's a dangerous interface: as it stores up to `n + 1' characters,
> it requires the user to worry about subtracting one from their buffer size.
> Sometimes they will forget to do this and just pass in `sizeof buf' or
> something.
> It would be better to copy only `n - 1' real characters in the case of an
> overflow, so that the final `\0' makes `n'.
That just shifts around the bugs and resulting exploits. There is no
such thing as safe, easy-to-use, non-allocating string-algebra
primitives. That's one reason why higher-level string types are being
added to hackerlab.
-t
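
The two size contracts discussed in this message, side by side, as an added C example that is not code from hackerlab, tla or anyone in the thread. The function names, the 8-byte buffer and the input string are assumptions, and a guard byte stands in for whatever memory follows the buffer.

```c
#include <stdio.h>
#include <string.h>

#define BUF 8                              /* logical buffer size (constructed) */
static const char SRC[] = "0123456789";    /* constructed input, longer than BUF */

/* Contract quoted in the thread: up to n non-0 chars plus a final 0,
 * so up to n+1 bytes are stored. Returns the number of bytes stored. */
size_t copy_n_plus_nul(char *to, const char *from, size_t n)
{
    size_t i = 0;
    while (i < n && from[i] != '\0') { to[i] = from[i]; i++; }
    to[i] = '\0';
    return i + 1;
}

/* Contract proposed in the thread: n counts the final 0 too, so at most
 * n-1 chars are copied. Returns strlen(from); a value >= n means truncated. */
size_t copy_n_total(char *to, const char *from, size_t n)
{
    size_t len = strlen(from);
    if (n > 0) {
        size_t k = len < n - 1 ? len : n - 1;
        memcpy(to, from, k);
        to[k] = '\0';
    }
    return len;
}

/* region[BUF] is the guard byte. Passing BUF (what `sizeof buf' would give)
 * to the first contract stores BUF+1 bytes and overwrites the guard. */
int guard_survives(int use_total_contract)
{
    char region[BUF + 1];
    memset(region, 'G', sizeof region);
    if (use_total_contract) copy_n_total(region, SRC, BUF);
    else copy_n_plus_nul(region, SRC, BUF);
    return region[BUF] == 'G';
}

/* Under the second contract the guard is intact but the copy is cut short;
 * the caller learns that only by checking the return value. */
int was_truncated(void)
{
    char buf[BUF];
    return copy_n_total(buf, SRC, sizeof buf) >= sizeof buf
        && strlen(buf) == BUF - 1;
}

int main(void)
{
    printf("n+1 contract, guard intact: %d\n", guard_survives(0));
    printf("n   contract, guard intact: %d\n", guard_survives(1));
    printf("n   contract, truncated:    %d\n", was_truncated());
    return 0;
}
```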