Is void* vulnerable

Lalatendu Das wrote:

Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.

No.

Does it lead to any exploitation of program in any means like use
strcpy( ) leads to some sort of exploitation to the progarm ?

No.

"Lalatendu Das" <la******@gmail.comwrote in message .

Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.
Does it lead to any exploitation of program in any means like use
strcpy( )
leads to some sort of exploitation to the progarm ?

Any pointer introduces a potential security flaw if the programmer does not
control the address it points to.
void * must be converted to and from another type to be useful, and so a
wild void * is probably more likely than a wild pointer of any other type,
because there are more places in the chain for things to go wrong.

However if a pointer holds the correct address and the boundaries of the
object it points to are not overflowed, then pointers are safe.

"Lalatendu Das" <la******@gmail.comwrote in message
news:11**********************@v45g2000cwv.googlegr oups.com...

Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.
Does it lead to any exploitation of program in any means like use
strcpy( )
leads to some sort of exploitation to the progarm ?

There is nothing wrong with strcpy. The problem in using it lies in
the programmer, not in the function. If the programmer is
careless, her app *might* be vulnerable to exploitation.

If you always check that the receiving buffer is at least as
long as the sending buffer, there is no problem:
if ( strlen(sender) <= known_length_of_receiver ) {
strcpy( receiver, sender );
}

or you can exclusively use strncpy()
--
Fred L. Kleinschmidt

Fred Kleinschmidt wrote On 02/09/07 14:55,:

"Lalatendu Das" <la******@gmail.comwrote in message
news:11**********************@v45g2000cwv.googlegr oups.com...

>>Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.
Does it lead to any exploitation of program in any means like use
strcpy( )
leads to some sort of exploitation to the progarm ?

There is nothing wrong with strcpy. The problem in using it lies in
the programmer, not in the function. If the programmer is
careless, her app *might* be vulnerable to exploitation.

If you always check that the receiving buffer is at least as
long as the sending buffer, there is no problem:
if ( strlen(sender) <= known_length_of_receiver ) {
strcpy( receiver, sender );
}

There's some ambiguity about known_length_of_receiver.
The receiving area's string length (if it contains a string
at all) is irrelevant, so what's really important is instead
known_size_of_receiver. But in that case, the <= above is
wrong and should be < instead ...

"Even in trivia there are traps."

or you can exclusively use strncpy()

Blecch.

--
Er*********@sun.com

Eric Sosman <Er*********@sun.comwrote:

or you can exclusively use strncpy()

Blecch.

Having looked like an idiot by trying to use strncpy() the way it
*should* work and not the way it *does* work, in public, more than
once, I second that "blecch".

--
C. Benson Manica | I *should* know what I'm talking about - if I
cbmanica(at)gmail.com | don't, I need to know. Flames welcome.

Eric Sosman wrote:

There's some ambiguity about known_length_of_receiver.
The receiving area's string length (if it contains a string
at all) is irrelevant, so what's really important is instead
known_size_of_receiver. But in that case, the <= above is
wrong and should be < instead ...

"Even in trivia there are traps."

>or you can exclusively use strncpy()

Blecch.

I've always found it fairly ridiculous that strncpy() insists on nullifying
anything remaining. What exactly was the thinking there in that purpose?

If you know the length enough to compare, might as well just use memcpy()
anwyays.

If it's coming from a foreign source, chances are you read it from some other
source - hence you probably have the length already and can avoid all of the
str* functions.

Christopher Layne <cl****@com.anodizedwrites:

I've always found it fairly ridiculous that strncpy() insists on nullifying
anything remaining. What exactly was the thinking there in that purpose?

Read the Rationale.

7.21.2.4 The strncpy function

strncpy was initially introduced into the C library to deal
with fixed-length name fields in structures such as
directory entries. Such fields are not used in the same
way as strings: the trailing null is unnecessary for a
maximum-length field, and setting trailing bytes for
shorter names to null assures efficient field-wise
comparisons. strncpy is not by origin a "bounded strcpy,"
and the Committee preferred to recognize existing practice
rather than alter the function to better suit it to such
use.

--
"Some people *are* arrogant, and others read the FAQ."
--Chris Dollin

Fred Kleinschmidt wrote:

"Lalatendu Das" <la******@gmail.comwrote in message

>Is it vulnerable to use "void *" in the program as a return type
or as a TYPE of variable. Does it lead to any exploitation of
program in any means like use strcpy( ) leads to some sort of
exploitation to the progarm ?

There is nothing wrong with strcpy. The problem in using it lies
in the programmer, not in the function. If the programmer is
careless, her app *might* be vulnerable to exploitation.

If you always check that the receiving buffer is at least as
long as the sending buffer, there is no problem:
if ( strlen(sender) <= known_length_of_receiver ) {
strcpy( receiver, sender );
}

or you can exclusively use strncpy()

Or better, use strlcpy (which is non-standard). You can find a
portable implementation with documentation at:

<http://cbfalconer.home.att.net/download/>

--
<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>

"A man who is right every time is not likely to do very much."
-- Francis Crick, co-discover of DNA
"There is nothing more amazing than stupidity in action."
-- Thomas Matthews

Thanks for all the infos.
I guess Malcom has told really relevant thing.
And I find the discussion about strcpy and strncpy intresting.
But I would rather prefer strncpy to (a condition + strcpy).

Thanks anyways.

Lalatendu Das said:

Thanks for all the infos.
I guess Malcom has told really relevant thing.
And I find the discussion about strcpy and strncpy intresting.
But I would rather prefer strncpy to (a condition + strcpy).

That is almost always a mistake, because it involves potential data
loss. Make sure your buffer is big enough for strcpy. If it isn't, get
a bigger buffer!

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at the above domain, - www.

"Fred Kleinschmidt" <fr******************@boeing.comwrote:

or you can exclusively use strncpy()

Yuck. strncpy() is just wrong, in the context of the rest of the
library[1]. Instead of

strncpy(str1, str2, n);
str1[n]='\0';

which almost always does the Wrong Thing, do

*str1='\0';
strncat(str1, str2, n-1);

which does what you actually want.

Richard

[1] It's right in the very limited historical context out of which it
grew, but that's no help to the other 99.99% of programs out there.

On 11 Feb, 08:14, Richard Heathfield <r...@see.sig.invalidwrote:

Lalatendu Das said:

Thanks for all the infos.
I guess Malcom has told really relevant thing.
And I find the discussion about strcpy and strncpy intresting.
But I would rather prefer strncpy to (a condition + strcpy).

That is almost always a mistake, because it involves potential data
loss. Make sure your buffer is big enough for strcpy. If it isn't, get
a bigger buffer!

plus it can copy unnecessary data.

char *s = "short";
char t [10000];
strncpy (s, t, 10000);

copies ~10000 nul characters at the end.
--
Nick Keighley

"Nick Keighley" <ni******************@hotmail.comwrote in message

On 11 Feb, 08:14, Richard Heathfield <r...@see.sig.invalidwrote:

>Lalatendu Das said:

Thanks for all the infos.
I guess Malcom has told really relevant thing.
And I find the discussion about strcpy and strncpy intresting.
But I would rather prefer strncpy to (a condition + strcpy).

That is almost always a mistake, because it involves potential data
loss. Make sure your buffer is big enough for strcpy. If it isn't, get
a bigger buffer!

plus it can copy unnecessary data.

char *s = "short";
char t [10000];
strncpy (s, t, 10000);

copies ~10000 nul characters at the end.

But often you want that. If we've got any sort of memory problem then t
having old bits of human-readable strings embedded in it is going to
complicate debugging considerably.

Malcolm McLean wrote, On 12/02/07 19:55:

"Nick Keighley" <ni******************@hotmail.comwrote in message

>On 11 Feb, 08:14, Richard Heathfield <r...@see.sig.invalidwrote:

>>Lalatendu Das said:
Thanks for all the infos.
I guess Malcom has told really relevant thing.
And I find the discussion about strcpy and strncpy intresting.
But I would rather prefer strncpy to (a condition + strcpy).
That is almost always a mistake, because it involves potential data
loss. Make sure your buffer is big enough for strcpy. If it isn't, get
a bigger buffer!

plus it can copy unnecessary data.

char *s = "short";
char t [10000];
strncpy (s, t, 10000);

copies ~10000 nul characters at the end.

But often you want that.

I've never wanted that.

If we've got any sort of memory problem then t
having old bits of human-readable strings embedded in it is going to
complicate debugging considerably.

Not really since you can see where the copied string ended easily enough.

On the other hand I don't want the needless inefficiency.
--
Flash Gordon

Flash Gordon said:

Malcolm McLean wrote, On 12/02/07 19:55:

>"Nick Keighley" <ni******************@hotmail.comwrote...

>>plus [strncpy] can copy unnecessary data.

char *s = "short";
char t [10000];
strncpy (s, t, 10000);

copies ~10000 nul characters at the end.

But often you want that.

I've never wanted that.

I have wanted that behaviour from time to time, but very rarely.

If we've got any sort of memory problem then t
having old bits of human-readable strings embedded in it is going to
complicate debugging considerably.

Not really since you can see where the copied string ended easily
enough.

More relevantly, Malcolm could have pointed out that having old bits of
human-readable string embedded in your data is a security risk for
programs where that matters. So sometimes it's a good idea to scrub the
data clean.

On the other hand I don't want the needless inefficiency.

Yes. When you don't need it, why pay for it?

And for my own part, I don't want the needless arbitrary data loss.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at the above domain, - www.

"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>Not really since you can see where the copied string ended easily
enough.

More relevantly, Malcolm could have pointed out that having old bits of
human-readable string embedded in your data is a security risk for
programs where that matters. So sometimes it's a good idea to scrub the
data clean.

Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it answered
"Hello Fred". However I neither scrubbed the buffer nor intialised it
correctly, so it printed out "Hello helloFred Fred". That sort of bug is OK
if you catch it early, but extremely confusing if it arises later on.

Malcolm McLean said:

>
"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>>Not really since you can see where the copied string ended easily
enough.

More relevantly, Malcolm could have pointed out that having old bits
of human-readable string embedded in your data is a security risk for
programs where that matters. So sometimes it's a good idea to scrub
the data clean.

Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it
answered "Hello Fred". However I neither scrubbed the buffer nor
intialised it correctly, so it printed out "Hello helloFred Fred".

How is that a security risk, exactly? Is Fred a secret agent? How does
Wilma feel about this? Is Mr Slate an agent provocateur? :-)

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at the above domain, - www.

Malcolm McLean wrote:

>copies ~10000 nul characters at the end.

But often you want that. If we've got any sort of memory problem then t
having old bits of human-readable strings embedded in it is going to
complicate debugging considerably.

Dude, no way.

Malcolm McLean wrote, On 13/02/07 08:15:

"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>>Not really since you can see where the copied string ended easily
enough.

More relevantly, Malcolm could have pointed out that having old bits of
human-readable string embedded in your data is a security risk for
programs where that matters. So sometimes it's a good idea to scrub the
data clean.

Yes, I agree there are sometimes good reasons. I also agree with the
rest of what you posted that Malcolm snipped.

Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it answered
"Hello Fred". However I neither scrubbed the buffer nor intialised it
correctly, so it printed out "Hello helloFred Fred". That sort of bug is OK
if you catch it early, but extremely confusing if it arises later on.

It may be to you but I do not find it confusing at all. I would know
that depending on what I was doing I had either failed to initialised
the buffer or I had copied in a string without the nul termination.
--
Flash Gordon

"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it
answered "Hello Fred". However I neither scrubbed the buffer nor
intialised it correctly, so it printed out "Hello helloFred Fred".

How is that a security risk, exactly? Is Fred a secret agent? How does
Wilma feel about this? Is Mr Slate an agent provocateur? :-)

You think Fred is a real name?

Malcolm McLean wrote:

>
"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>>Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it
answered "Hello Fred". However I neither scrubbed the buffer nor
intialised it correctly, so it printed out "Hello helloFred Fred".

How is that a security risk, exactly? Is Fred a secret agent? How does
Wilma feel about this? Is Mr Slate an agent provocateur? :-)

You think Fred is a real name?

My father certainly does.

--
Chris "electric hedgehog" Dollin
"- born in the lab under strict supervision -", - Magenta, /Genetesis/

Malcolm McLean said:

>
"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>>Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it
answered "Hello Fred". However I neither scrubbed the buffer nor
intialised it correctly, so it printed out "Hello helloFred Fred".

How is that a security risk, exactly? Is Fred a secret agent? How
does
Wilma feel about this? Is Mr Slate an agent provocateur? :-)

You think Fred is a real name?

I could answer that, but then I'd have to kill you, and neither of us
wants that to happen, now do we?

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at the above domain, - www.

Chris Dollin said:

Malcolm McLean wrote:

>>
"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>>>Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it
answered "Hello Fred". However I neither scrubbed the buffer nor
intialised it correctly, so it printed out "Hello helloFred Fred".

How is that a security risk, exactly? Is Fred a secret agent? How
does
Wilma feel about this? Is Mr Slate an agent provocateur? :-)

You think Fred is a real name?

My father certainly does.

Why is Malcolm typing your father's name into his program? Has he
acquired the necessary permission from your father, to comply with the
Data Protection Act? If not, you might want to give serious thought to
starting legal proceedings.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at the above domain, - www.

"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>

>You think Fred is a real name?

I could answer that, but then I'd have to kill you, and neither of us
wants that to happen, now do we?

That's the second person who has threatened to have to kill me on this ng
today. I'm sure there's some sort of law against it.

If you look at the keyboard, the mystery of the choice will be resolved.
"Hello Fred" is a slightly more rigorous test of a computer system than
"Hello World", since it aquires input from the user, processes it, and sends
back an output.

Richard Heathfield wrote:

Chris Dollin said:

>Malcolm McLean wrote:

>>"Richard Heathfield" <rj*@see.sig.invalidwrote in message

Exactly that thing happened to me the other day. I was debugging
a front end to MiniBasic. I called my test program "helloFred".
It asked me for a name, and I entered "Fred". Then it answered
"Hello Fred". However I neither scrubbed the buffer nor
intialised it correctly, so it printed out "Hello helloFred Fred".

How is that a security risk, exactly? Is Fred a secret agent? How
does Wilma feel about this? Is Mr Slate an agent provocateur? :-)

You think Fred is a real name?

My father certainly does.

Why is Malcolm typing your father's name into his program? Has he
acquired the necessary permission from your father, to comply with
the Data Protection Act? If not, you might want to give serious
thought to starting legal proceedings.

I think Malcolm is taking unacceptable liberties in using a
nickname, let alone a first name. He should be addressing him as
"Mr. Dollins", unless a bosom buddy. Correspondence might be
addressed to "Frederick Dollins, Esq." or to "Mr. Frederick
Dollins". Dahling is not a suitable substitute.

--
<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>

"A man who is right every time is not likely to do very much."
-- Francis Crick, co-discover of DNA
"There is nothing more amazing than stupidity in action."
-- Thomas Matthews

Malcolm McLean said:

>
"Richard Heathfield" <rj*@see.sig.invalidwrote in message

>>

>>You think Fred is a real name?

I could answer that, but then I'd have to kill you, and neither of us
wants that to happen, now do we?

That's the second person who has threatened to have to kill me on this
ng today.

Check your deodorant. :-)

I'm sure there's some sort of law against it.

There's even a law, or at least a regulation, against taking photographs
in a shopping mall, as I discovered today. So yeah, there's probably
some kind of law against killing programmers, too. Which is a good
thing, obviously.

If you look at the keyboard, the mystery of the choice will be
resolved. "Hello Fred" is a slightly more rigorous test of a computer
system than "Hello World", since it aquires input from the user,
processes it, and sends back an output.

Yes, but why Fred? Don't give me any of this "it's really easy to type"
nonsense. You know the real reason, and I know you know, and I think
you know I know you know.

You're a closet Flintstones fan, right?

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at the above domain, - www.

Nick Keighley wrote:

char *s = "short";
char t [10000];
strncpy (s, t, 10000);

Presumably you meant strncpy(t, s, 10000);

copies ~10000 nul characters at the end.

The majority of them is not necessarily *copied*.

--
DPS

On 19 Feb, 07:45, Dietmar Schindler <D...@Arcor.Dewrote:

Nick Keighleywrote:

char *s = "short";
char t [10000];
strncpy (s, t, 10000);

Presumably you meant strncpy(t, s, 10000);

copies ~10000 nul characters at the end.

The majority of them is not necessarily *copied*.

I don't really see your point. There are 10,000
unnecessary writes. You seem to be making a distinction
without a significant difference.
--
Nick Keighley

"Dietmar Schindler" <DS***@Arcor.Dewrote in message

Nick Keighley wrote:

> char *s = "short";
char t [10000];
strncpy (s, t, 10000);

Presumably you meant strncpy(t, s, 10000);

>copies ~10000 nul characters at the end.

The majority of them is not necessarily *copied*.

"Copy" isn't strictly the correct term since "s" may have only one
terminating NUL.
However the field will be padded out with zero bytes, which means about
10,000 memory writes.

Nick Keighley wrote:

>
On 19 Feb, 07:45, Dietmar Schindler <D...@Arcor.Dewrote:

Nick Keighleywrote:

char *s = "short";
char t [10000];
strncpy (s, t, 10000);

Presumably you meant strncpy(t, s, 10000);

copies ~10000 nul characters at the end.

The majority of them is not necessarily *copied*.

I don't really see your point. There are 10,000
unnecessary writes. You seem to be making a distinction
without a significant difference.

The difference between 10000 writes and 10000 copies could be about
10000 reads. Whether it is, and whether it is significant, is, of
course, implementation/application dependent.

--
DPS