> -----Original Message----- > From: Brett Hutley [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 29, 2003 12:13 AM > To: Bill Royds > Cc: madsaxon; [EMAIL PROTECTED] > Subject: Re: [Full-Disclosure] Off topic programming thread > > I think what you're really saying is that C allows > programmers to make > mistakes when dealing with areas of memory. The above > vulnerability is > based on a mistake in the code. > (If I was to code the above prototype BTW, I'd probably make it more > like "static void defang(const char *str, char *dfstr, > unsigned dfsize)" > to indicate to programmers calling the function that the first > argument's contents is immutable, the second argument is the > destination > buffer, and the size shouldn't be negative). > Yes! This is precisely what I am talking about.
If programmers wrote code like this, then they'd be perfectly justified, for example, to simply return an error if dfsize was negative. After all, you were warned. :-) It would be trivial to check for proper input there and simply return an error if it's wrong. So why isn't this the norm rather than the exception? Or is it the norm? Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
