Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.
Does it lead to any exploitation of program in any means like use
strcpy( )
leads to some sort of exploitation to the program ?
Lalatendu Das wrote:
Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.
No.
Does it lead to any exploitation of program in any means like use
strcpy( ) leads to some sort of exploitation to the program ?
No.
"Lalatendu Das" <la******@gmail.com> wrote in message
Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.
Does it lead to any exploitation of program in any means like use
strcpy( )
leads to some sort of exploitation to the program ?
Any pointer introduces a potential security flaw if the programmer does not
control the address it points to.
void * must be converted to and from another type to be useful, and so a
wild void * is probably more likely than a wild pointer of any other type,
because there are more places in the chain for things to go wrong.
However if a pointer holds the correct address and the boundaries of the
object it points to are not overflowed, then pointers are safe.
"Lalatendu Das" <la******@gmail.com> wrote in message
news:11**********************@v45g2000cwv.googlegroups.com...
Is it vulnerable to use "void *" in the program as a return type or
as a TYPE of variable.
Does it lead to any exploitation of program in any means like use
strcpy( )
leads to some sort of exploitation to the program ?
There is nothing wrong with strcpy. The problem in using it lies in
the programmer, not in the function. If the programmer is
careless, her app *might* be vulnerable to exploitation.
If you always check that the receiving buffer is at least as
long as the sending buffer, there is no problem:
if ( strlen(sender) <= known_length_of_receiver ) {
    strcpy( receiver, sender );
}
or you can exclusively use strncpy()
--
Fred L. Kleinschmidt
Fred Kleinschmidt wrote on 02/09/07 14:55:
"Lalatendu Das" <la******@gmail.com> wrote in message
news:11**********************@v45g2000cwv.googlegroups.com...
>>Is it vulnerable to use "void *" in the program as a return type or as a TYPE of variable. Does it lead to any exploitation of program in any means like use strcpy( ) leads to some sort of exploitation to the program ?
There is nothing wrong with strcpy. The problem in using it lies in
the programmer, not in the function. If the programmer is
careless, her app *might* be vulnerable to exploitation.
If you always check that the receiving buffer is at least as
long as the sending buffer, there is no problem:
if ( strlen(sender) <= known_length_of_receiver ) {
    strcpy( receiver, sender );
}
There's some ambiguity about known_length_of_receiver.
The receiving area's string length (if it contains a string
at all) is irrelevant, so what's really important is instead
known_size_of_receiver. But in that case, the <= above is
wrong and should be < instead ...
"Even in trivia there are traps."
or you can exclusively use strncpy()
Blecch.
-- Er*********@sun.com
Eric Sosman <Er*********@sun.com> wrote:
or you can exclusively use strncpy()
Blecch.
Having looked like an idiot by trying to use strncpy() the way it
*should* work and not the way it *does* work, in public, more than
once, I second that "blecch".
--
C. Benson Manica | I *should* know what I'm talking about - if I
cbmanica(at)gmail.com | don't, I need to know. Flames welcome.
Eric Sosman wrote:
There's some ambiguity about known_length_of_receiver.
The receiving area's string length (if it contains a string
at all) is irrelevant, so what's really important is instead
known_size_of_receiver. But in that case, the <= above is
wrong and should be < instead ...
"Even in trivia there are traps."
>or you can exclusively use strncpy()
Blecch.
I've always found it fairly ridiculous that strncpy() insists on nullifying
anything remaining. What exactly was the thinking there in that purpose?
If you know the length enough to compare, might as well just use memcpy()
anyways.
If it's coming from a foreign source, chances are you read it from some other
source - hence you probably have the length already and can avoid all of the
str* functions.
Christopher Layne <cl****@com.anodized> writes:
I've always found it fairly ridiculous that strncpy() insists on nullifying
anything remaining. What exactly was the thinking there in that purpose?
Read the Rationale.
7.21.2.4 The strncpy function
strncpy was initially introduced into the C library to deal
with fixed-length name fields in structures such as
directory entries. Such fields are not used in the same
way as strings: the trailing null is unnecessary for a
maximum-length field, and setting trailing bytes for
shorter names to null assures efficient field-wise
comparisons. strncpy is not by origin a "bounded strcpy,"
and the Committee preferred to recognize existing practice
rather than alter the function to better suit it to such
use.
--
"Some people *are* arrogant, and others read the FAQ."
--Chris Dollin
Fred Kleinschmidt wrote:
"Lalatendu Das" <la******@gmail.com> wrote in message
>Is it vulnerable to use "void *" in the program as a return type or as a TYPE of variable. Does it lead to any exploitation of program in any means like use strcpy( ) leads to some sort of exploitation to the program ?
There is nothing wrong with strcpy. The problem in using it lies in the programmer, not in the function. If the programmer is
careless, her app *might* be vulnerable to exploitation.
If you always check that the receiving buffer is at least as
long as the sending buffer, there is no problem:
if ( strlen(sender) <= known_length_of_receiver ) {
    strcpy( receiver, sender );
}
or you can exclusively use strncpy()
Or better, use strlcpy (which is non-standard). You can find a
portable implementation with documentation at:
<http://cbfalconer.home.att.net/download/>
--
<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>
"A man who is right every time is not likely to do very much."
-- Francis Crick, co-discoverer of DNA
"There is nothing more amazing than stupidity in action."
-- Thomas Matthews
Thanks for all the infos.
I guess Malcolm has told really relevant thing.
And I find the discussion about strcpy and strncpy interesting.
But I would rather prefer strncpy to (a condition + strcpy).
Thanks anyways.
Lalatendu Das said:
Thanks for all the infos.
I guess Malcolm has told really relevant thing.
And I find the discussion about strcpy and strncpy interesting.
But I would rather prefer strncpy to (a condition + strcpy).
That is almost always a mistake, because it involves potential data
loss. Make sure your buffer is big enough for strcpy. If it isn't, get
a bigger buffer!
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at the above domain, - www.
"Fred Kleinschmidt" <fr******************@boeing.com> wrote:
or you can exclusively use strncpy()
Yuck. strncpy() is just wrong, in the context of the rest of the
library[1]. Instead of
strncpy(str1, str2, n);
str1[n]='\0';
which almost always does the Wrong Thing, do
*str1='\0';
strncat(str1, str2, n-1);
which does what you actually want.
Richard
[1] It's right in the very limited historical context out of which it
grew, but that's no help to the other 99.99% of programs out there.
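An added example in C, not code from any poster in this thread, putting the copy strategies argued over above side by side: Fred's guard with Eric Sosman's correction (compare against the destination's size, strictly less), strncpy with the terminator kept inside the array, and Richard Heathfield's strncat idiom, each reporting whether the source fitted. All function names are assumptions, and copy_gives and strncpy_leaves_terminator are hypothetical helpers added only to make the behaviour checkable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fred's guard with Eric Sosman's correction: compare the source's string
 * length against the destination's array *size*, strictly less, so the
 * terminating null still fits. Copies and returns true only when it fits;
 * otherwise leaves dst untouched and returns false. */
bool copy_if_fits(char *dst, size_t dst_size, const char *src)
{
    /* allowing strlen(src) == dst_size (the "<=" in the thread) is the off-by-one */
    if (dst_size == 0 || strlen(src) >= dst_size)
        return false;
    strcpy(dst, src);
    return true;
}

/* strncpy with the terminator written *inside* the array (dst[n-1], not the
 * out-of-bounds dst[n] of the "str1[n]='\0'" variant quoted in the thread).
 * Returns true if src was copied whole, false if it was truncated. */
bool strncpy_terminated(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return false;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return strlen(src) < n;
}

/* Richard Heathfield's idiom: make dst an empty string, then append at most
 * n-1 characters; strncat always writes a terminator. Same return value. */
bool strncat_copy(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return false;
    *dst = '\0';
    strncat(dst, src, n - 1);
    return strlen(src) < n;
}

/* The trap behind the "blecch": when strlen(src) >= n, plain strncpy writes
 * no terminator at all. Hypothetical helper: returns whether dst[0..n-1]
 * contains a null byte after strncpy(dst, src, n). */
bool strncpy_leaves_terminator(size_t n, const char *src)
{
    char buf[64];
    if (n > sizeof buf)
        return false;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Hypothetical helper: run one copy function into a fresh 6-byte buffer and
 * report whether the return value and the resulting string both match
 * (expect == NULL means dst is not inspected, e.g. when nothing was copied). */
bool copy_gives(bool (*copy)(char *, size_t, const char *),
                const char *src, bool want_ok, const char *expect)
{
    char dst[6];
    memset(dst, 'X', sizeof dst);
    if (copy(dst, sizeof dst, src) != want_ok)
        return false;
    return expect == NULL || strcmp(dst, expect) == 0;
}

int main(void)
{
    char name[6];                                  /* room for 5 chars + null */
    printf("copy_if_fits(\"hello\")  -> %d\n", copy_if_fits(name, sizeof name, "hello"));
    printf("copy_if_fits(\"hello!\") -> %d\n", copy_if_fits(name, sizeof name, "hello!"));
    printf("strncpy(n=5, \"hello\") leaves a terminator? %d\n",
           strncpy_leaves_terminator(5, "hello"));
    return 0;
}
```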
On 11 Feb, 08:14, Richard Heathfield <r...@see.sig.invalid> wrote:
Lalatendu Das said:
Thanks for all the infos.
I guess Malcolm has told really relevant thing.
And I find the discussion about strcpy and strncpy interesting.
But I would rather prefer strncpy to (a condition + strcpy).
That is almost always a mistake, because it involves potential data
loss. Make sure your buffer is big enough for strcpy. If it isn't, get
a bigger buffer!
plus it can copy unnecessary data.
char *s = "short";
char t [10000];
strncpy (s, t, 10000);
copies ~10000 nul characters at the end.
--
Nick Keighley
"Nick Keighley" <ni******************@hotmail.com> wrote in message
On 11 Feb, 08:14, Richard Heathfield <r...@see.sig.invalid> wrote:
>Lalatendu Das said:
Thanks for all the infos.
I guess Malcolm has told really relevant thing.
And I find the discussion about strcpy and strncpy interesting.
But I would rather prefer strncpy to (a condition + strcpy).
That is almost always a mistake, because it involves potential data loss. Make sure your buffer is big enough for strcpy. If it isn't, get a bigger buffer!
plus it can copy unnecessary data.
char *s = "short";
char t [10000];
strncpy (s, t, 10000);
copies ~10000 nul characters at the end.
But often you want that. If we've got any sort of memory problem then t
having old bits of human-readable strings embedded in it is going to
complicate debugging considerably.
Malcolm McLean wrote, On 12/02/07 19:55:
"Nick Keighley" <ni******************@hotmail.com> wrote in message
>On 11 Feb, 08:14, Richard Heathfield <r...@see.sig.invalid> wrote:
>>Lalatendu Das said: Thanks for all the infos. I guess Malcolm has told really relevant thing. And I find the discussion about strcpy and strncpy interesting. But I would rather prefer strncpy to (a condition + strcpy). That is almost always a mistake, because it involves potential data loss. Make sure your buffer is big enough for strcpy. If it isn't, get a bigger buffer!
plus it can copy unnecessary data.
char *s = "short"; char t [10000]; strncpy (s, t, 10000);
copies ~10000 nul characters at the end.
But often you want that.
I've never wanted that.
If we've got any sort of memory problem then t
having old bits of human-readable strings embedded in it is going to
complicate debugging considerably.
Not really since you can see where the copied string ended easily enough.
On the other hand I don't want the needless inefficiency.
--
Flash Gordon
Flash Gordon said:
Malcolm McLean wrote, On 12/02/07 19:55:
>"Nick Keighley" <ni******************@hotmail.com> wrote...
>>plus [strncpy] can copy unnecessary data.
char *s = "short"; char t [10000]; strncpy (s, t, 10000);
copies ~10000 nul characters at the end.
But often you want that.
I've never wanted that.
I have wanted that behaviour from time to time, but very rarely.
If we've got any sort of memory problem then t having old bits of human-readable strings embedded in it is going to complicate debugging considerably.
Not really since you can see where the copied string ended easily
enough.
More relevantly, Malcolm could have pointed out that having old bits of
human-readable string embedded in your data is a security risk for
programs where that matters. So sometimes it's a good idea to scrub the
data clean.
On the other hand I don't want the needless inefficiency.
Yes. When you don't need it, why pay for it?
And for my own part, I don't want the needless arbitrary data loss.
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at the above domain, - www.
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>Not really since you can see where the copied string ended easily enough.
More relevantly, Malcolm could have pointed out that having old bits of
human-readable string embedded in your data is a security risk for
programs where that matters. So sometimes it's a good idea to scrub the
data clean.
Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it answered
"Hello Fred". However I neither scrubbed the buffer nor initialised it
correctly, so it printed out "Hello helloFred Fred". That sort of bug is OK
if you catch it early, but extremely confusing if it arises later on.
Malcolm McLean said:
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>Not really since you can see where the copied string ended easily enough.
More relevantly, Malcolm could have pointed out that having old bits of human-readable string embedded in your data is a security risk for programs where that matters. So sometimes it's a good idea to scrub the data clean.
Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it
answered "Hello Fred". However I neither scrubbed the buffer nor
initialised it correctly, so it printed out "Hello helloFred Fred".
How is that a security risk, exactly? Is Fred a secret agent? How does
Wilma feel about this? Is Mr Slate an agent provocateur? :-)
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at the above domain, - www.
Malcolm McLean wrote:
>copies ~10000 nul characters at the end.
But often you want that. If we've got any sort of memory problem then t
having old bits of human-readable strings embedded in it is going to
complicate debugging considerably.
Dude, no way.
Malcolm McLean wrote, On 13/02/07 08:15:
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>Not really since you can see where the copied string ended easily enough.
More relevantly, Malcolm could have pointed out that having old bits of human-readable string embedded in your data is a security risk for programs where that matters. So sometimes it's a good idea to scrub the data clean.
Yes, I agree there are sometimes good reasons. I also agree with the
rest of what you posted that Malcolm snipped.
Exactly that thing happened to me the other day.
I was debugging a front end to MiniBasic. I called my test program
"helloFred". It asked me for a name, and I entered "Fred". Then it answered
"Hello Fred". However I neither scrubbed the buffer nor initialised it
correctly, so it printed out "Hello helloFred Fred". That sort of bug is OK
if you catch it early, but extremely confusing if it arises later on.
It may be to you but I do not find it confusing at all. I would know
that depending on what I was doing I had either failed to initialised
the buffer or I had copied in a string without the nul termination.
--
Flash Gordon
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>Exactly that thing happened to me the other day. I was debugging a front end to MiniBasic. I called my test program "helloFred". It asked me for a name, and I entered "Fred". Then it answered "Hello Fred". However I neither scrubbed the buffer nor initialised it correctly, so it printed out "Hello helloFred Fred".
How is that a security risk, exactly? Is Fred a secret agent? How does
Wilma feel about this? Is Mr Slate an agent provocateur? :-)
You think Fred is a real name?
Malcolm McLean wrote:
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>Exactly that thing happened to me the other day. I was debugging a front end to MiniBasic. I called my test program "helloFred". It asked me for a name, and I entered "Fred". Then it answered "Hello Fred". However I neither scrubbed the buffer nor initialised it correctly, so it printed out "Hello helloFred Fred".
How is that a security risk, exactly? Is Fred a secret agent? How does Wilma feel about this? Is Mr Slate an agent provocateur? :-)
You think Fred is a real name?
My father certainly does.
--
Chris "electric hedgehog" Dollin
"- born in the lab under strict supervision -", - Magenta, /Genetesis/
Malcolm McLean said:
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>Exactly that thing happened to me the other day. I was debugging a front end to MiniBasic. I called my test program "helloFred". It asked me for a name, and I entered "Fred". Then it answered "Hello Fred". However I neither scrubbed the buffer nor initialised it correctly, so it printed out "Hello helloFred Fred".
How is that a security risk, exactly? Is Fred a secret agent? How does Wilma feel about this? Is Mr Slate an agent provocateur? :-)
You think Fred is a real name?
I could answer that, but then I'd have to kill you, and neither of us
wants that to happen, now do we?
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at the above domain, - www.
Chris Dollin said:
Malcolm McLean wrote:
>> "Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>>Exactly that thing happened to me the other day. I was debugging a front end to MiniBasic. I called my test program "helloFred". It asked me for a name, and I entered "Fred". Then it answered "Hello Fred". However I neither scrubbed the buffer nor initialised it correctly, so it printed out "Hello helloFred Fred".
How is that a security risk, exactly? Is Fred a secret agent? How does Wilma feel about this? Is Mr Slate an agent provocateur? :-)
You think Fred is a real name?
My father certainly does.
Why is Malcolm typing your father's name into his program? Has he
acquired the necessary permission from your father, to comply with the
Data Protection Act? If not, you might want to give serious thought to
starting legal proceedings.
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at the above domain, - www.
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>You think Fred is a real name?
I could answer that, but then I'd have to kill you, and neither of us
wants that to happen, now do we?
That's the second person who has threatened to have to kill me on this ng
today. I'm sure there's some sort of law against it.
If you look at the keyboard, the mystery of the choice will be resolved.
"Hello Fred" is a slightly more rigorous test of a computer system than
"Hello World", since it acquires input from the user, processes it, and sends
back an output.
Richard Heathfield wrote:
Chris Dollin said:
>Malcolm McLean wrote:
>>"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
Exactly that thing happened to me the other day. I was debugging a front end to MiniBasic. I called my test program "helloFred". It asked me for a name, and I entered "Fred". Then it answered "Hello Fred". However I neither scrubbed the buffer nor initialised it correctly, so it printed out "Hello helloFred Fred".
How is that a security risk, exactly? Is Fred a secret agent? How does Wilma feel about this? Is Mr Slate an agent provocateur? :-)
You think Fred is a real name?
My father certainly does.
Why is Malcolm typing your father's name into his program? Has he
acquired the necessary permission from your father, to comply with
the Data Protection Act? If not, you might want to give serious
thought to starting legal proceedings.
I think Malcolm is taking unacceptable liberties in using a
nickname, let alone a first name. He should be addressing him as
"Mr. Dollins", unless a bosom buddy. Correspondence might be
addressed to "Frederick Dollins, Esq." or to "Mr. Frederick
Dollins". Dahling is not a suitable substitute.
--
<http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt>
<http://www.securityfocus.com/columnists/423>
"A man who is right every time is not likely to do very much."
-- Francis Crick, co-discoverer of DNA
"There is nothing more amazing than stupidity in action."
-- Thomas Matthews
Malcolm McLean said:
"Richard Heathfield" <rj*@see.sig.invalid> wrote in message
>>You think Fred is a real name?
I could answer that, but then I'd have to kill you, and neither of us wants that to happen, now do we?
That's the second person who has threatened to have to kill me on this
ng today.
Check your deodorant. :-)
I'm sure there's some sort of law against it.
There's even a law, or at least a regulation, against taking photographs
in a shopping mall, as I discovered today. So yeah, there's probably
some kind of law against killing programmers, too. Which is a good
thing, obviously.
If you look at the keyboard, the mystery of the choice will be
resolved. "Hello Fred" is a slightly more rigorous test of a computer
system than "Hello World", since it acquires input from the user,
processes it, and sends back an output.
Yes, but why Fred? Don't give me any of this "it's really easy to type"
nonsense. You know the real reason, and I know you know, and I think
you know I know you know.
You're a closet Flintstones fan, right?
--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999 http://www.cpax.org.uk
email: rjh at the above domain, - www.
Nick Keighley wrote:
char *s = "short";
char t [10000];
strncpy (s, t, 10000);
Presumably you meant strncpy(t, s, 10000);
copies ~10000 nul characters at the end.
The majority of them is not necessarily *copied*.
--
DPS
On 19 Feb, 07:45, Dietmar Schindler <D...@Arcor.De> wrote:
Nick Keighley wrote:
char *s = "short";
char t [10000];
strncpy (s, t, 10000);
Presumably you meant strncpy(t, s, 10000);
copies ~10000 nul characters at the end.
The majority of them is not necessarily *copied*.
I don't really see your point. There are 10,000
unnecessary writes. You seem to be making a distinction
without a significant difference.
--
Nick Keighley
"Dietmar Schindler" <DS***@Arcor.De> wrote in message
Nick Keighley wrote:
> char *s = "short"; char t [10000]; strncpy (s, t, 10000);
Presumably you meant strncpy(t, s, 10000);
>copies ~10000 nul characters at the end.
The majority of them is not necessarily *copied*.
"Copy" isn't strictly the correct term since "s" may have only one
terminating NUL.
However the field will be padded out with zero bytes, which means about
10,000 memory writes.
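An added example in C, not code from any poster here, that measures what the last few posts argue about: how many of the 10,000 bytes strncpy actually writes as zeros for a short source, how many the strncat idiom from earlier in the thread leaves untouched, and, following Malcolm's and Richard's exchange above, whether that padding scrubs an old string left in the buffer. The function names are assumptions; the 10000-byte buffer and "short" follow Nick's example, and "helloFred"/"Fred" follow Malcolm's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fill dst with a non-zero sentinel, strncpy src into it with count n, and
 * return how many of the first n bytes ended up as '\0': the padding writes
 * Nick Keighley objects to. */
size_t strncpy_null_bytes(const char *src, size_t n)
{
    static char dst[10000];
    if (n > sizeof dst)
        return 0;
    memset(dst, 0xAA, sizeof dst);
    strncpy(dst, src, n);
    size_t nulls = 0;
    for (size_t i = 0; i < n; i++)
        if (dst[i] == '\0')
            nulls++;
    return nulls;
}

/* Same measurement for the strncat idiom (*dst = '\0'; strncat(dst, src,
 * n - 1)): how many of the first n bytes were never written, i.e. still
 * hold the sentinel. */
size_t strncat_untouched_bytes(const char *src, size_t n)
{
    static char dst[10000];
    if (n == 0 || n > sizeof dst)
        return 0;
    memset(dst, 0xAA, sizeof dst);
    *dst = '\0';
    strncat(dst, src, n - 1);
    size_t untouched = 0;
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)dst[i] == 0xAA)
            untouched++;
    return untouched;
}

/* Malcolm's "Hello helloFred Fred" scenario: an old string is already in
 * the buffer, a shorter one is copied over it, and we ask whether the old
 * tail is still readable past the new terminator. strncpy's padding scrubs
 * it; the strncat idiom leaves it behind. */
bool old_tail_survives(const char *old, const char *fresh, size_t n, bool use_strncpy)
{
    char dst[64];
    size_t len = strlen(fresh);
    /* only meaningful when old fits and is longer than the new string */
    if (n > sizeof dst || strlen(old) >= n || len + 1 >= strlen(old))
        return false;
    strcpy(dst, old);
    if (use_strncpy) {
        strncpy(dst, fresh, n);
    } else {
        *dst = '\0';
        strncat(dst, fresh, n - 1);
    }
    /* compare the bytes after the new terminator with the old string's tail */
    return memcmp(dst + len + 1, old + len + 1, strlen(old) - len - 1) == 0;
}

int main(void)
{
    printf("strncpy(\"short\", 10000): %zu null bytes written\n",
           strncpy_null_bytes("short", 10000));
    printf("strncat idiom: %zu bytes never touched\n",
           strncat_untouched_bytes("short", 10000));
    printf("old tail survives strncpy? %d, strncat? %d\n",
           old_tail_survives("helloFred", "Fred", 16, true),
           old_tail_survives("helloFred", "Fred", 16, false));
    return 0;
}
```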
Nick Keighley wrote:
On 19 Feb, 07:45, Dietmar Schindler <D...@Arcor.De> wrote:
Nick Keighley wrote:
char *s = "short";
char t [10000];
strncpy (s, t, 10000);
Presumably you meant strncpy(t, s, 10000);
copies ~10000 nul characters at the end.
The majority of them is not necessarily *copied*.
I don't really see your point. There are 10,000
unnecessary writes. You seem to be making a distinction
without a significant difference.
The difference between 10000 writes and 10000 copies could be about
10000 reads. Whether it is, and whether it is significant, is, of
course, implementation/application dependent.
--
DPS