echo: rberrypi
to: MARTIN GREGORIE
from: RICHARD HEATHFIELD
date: 2019-02-24 13:09:00
subject: Re: C is not a low level

On 24/02/2019 08:11, Martin Gregorie wrote:
> There are (relatively) simple ways to write secure code, such as always
> using the 'strn...' functions rather than the older 'str...' equivalents

This is a common misconception. The strn functions are, in some ways,
even easier to abuse than the str functions.

Hitchens's Razor, right? Okay, my rationale is this: those who think the
strn functions are somehow "safe" are far more likely to use them
*instead* of taking trouble to ensure that the right amount of storage
is allocated. And consider this:

  char s[12];
  strncpy(s, argv[1], 12);

(Heck no, of course I wouldn't do that. But people do, you know.)

The problem here is that if argv[1] is longer than 11 characters, you
end up with no terminator on the stri... well, it's not a string because
it doesn't have a terminator!

So much for "safe" functions.

> and *taking the trouble to size storage correctly* that make code a lot
> more bullet-proof.

This, however, is absolutely spot on.

If you don't have enough space for your data, you're going to get the
wrong answer even if you use strn. If I'm allowed to get the wrong
answer, I can write code that runs in almost zero time and takes almost
zero memory.

If you take the trouble to ensure that you have enough space for your
data, there's nothing wrong with using str.
--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
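The terminator problem Heathfield describes, and the sized-storage approach he endorses, as an added example in C that is not part of the original post; the function names and the poisoned-buffer check are my own construction:

```c
#include <stdlib.h>
#include <string.h>

/* Mirrors the post's snippet: copy into a 12-byte buffer with n == sizeof buf.
 * Returns 1 if the result is still a string (a NUL inside the buffer), 0 if
 * strncpy() left no terminator, which happens once the input reaches 12 chars. */
int strncpy_leaves_terminator(const char *src)
{
    char s[12];
    memset(s, 'X', sizeof s);            /* poison: a missing NUL stays visible */
    strncpy(s, src, 12);                 /* the post's call, verbatim */
    return memchr(s, '\0', sizeof s) != NULL;
}

/* The post's recommendation: size the storage to the data, then a plain copy
 * is fine. Returns a heap copy of src (caller frees) or NULL on failure. */
char *copy_sized(const char *src)
{
    size_t len = strlen(src);
    char *dst = malloc(len + 1);         /* +1 for the terminator */
    if (dst != NULL)
        memcpy(dst, src, len + 1);       /* same effect as strcpy(), bounds known */
    return dst;
}

/* When a fixed buffer is unavoidable: copy at most n-1 bytes and terminate
 * explicitly. Returns 1 if src fit, 0 if it had to be truncated. */
int copy_bounded(char *dst, size_t n, const char *src)
{
    size_t len = strlen(src);
    if (n == 0) return 0;
    if (len >= n) {
        memcpy(dst, src, n - 1);
        dst[n - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, len + 1);
    return 1;
}

/* Length of the string copy_bounded() leaves in a 12-byte buffer: never 12. */
size_t bounded_len12(const char *src)
{
    char s[12];
    copy_bounded(s, sizeof s, src);
    return strlen(s);
}
```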

SOURCE: echomail via QWK@docsplace.org
