Insecure Programming by example

Hi folks,

found an interesting C link here::
http://community.core-sdi.com/~gera/...reProgramming/

Dec 15 '05 #1
5 Replies


aa*****@gmail.com said:
> Hi folks,
>
> found an interesting C link here::
> http://community.core-sdi.com/~gera/...reProgramming/

I looked at the first example. Anyone programming like that needs a good
kicking.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
Dec 15 '05 #2

Richard Heathfield wrote:
> aa*****@gmail.com said:
>
>> Hi folks,
>>
>> found an interesting C link here::
>> http://community.core-sdi.com/~gera/...reProgramming/
>
> I looked at the first example. Anyone programming like that needs a good
> kicking.

It's interesting that the example indulges in undefined
behavior (twice!) before arriving at what was probably the
point it was trying to make. One doesn't know whether the
author deserves praise or blame.

--
Eric Sosman
es*****@acm-dot-org.invalid
Dec 16 '05 #3

Eric Sosman wrote:
> It's interesting that the example indulges in undefined
> behavior (twice!) before arriving at what was probably the
> point it was trying to make. One doesn't know whether the
> author deserves praise or blame.

Similarly, all the argc and argv parameter conventions are reversed; is
that ignorance? or some sort of erudite gotcha for improperly trained
applicants? The whole thing feels like a red herring: which of the many
objectionable elements am I *supposed* to be objecting to... ?

Dec 16 '05 #4

aa*****@gmail.com said:
> Hi all,
>
> here are some more interesting links::-
> http://www.cs.berkeley.edu/~ushankar.../percents.html

I have the very greatest of respect for David Wagner's cryptographic skills.
I would not ask him to write C code for me. (Sorry, David, if you ever read
this!)

> http://www.cs.dartmouth.edu/~cs38/lo...mats-teso.html

Whoever wrote that needs a good kicking. Here's a quote:

++++
A format string is an ASCIIZ string that contains text and format
parameters. Example:

printf ("The magic number is: %s\n", 1911);
++++

In this tiny fragment, which is the first significant bit of C code in the
document, I count two oopses - one in the text and one in the code. Oops.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
Dec 21 '05 #6
