Difference between revisions of "Talk:Reviewing Code for Buffer Overruns and Overflows"
From OWASP
Revisions compared: (Please remove statement about %n) to (Use DIM or sizeof)

The newer revision leaves the "%n" paragraph unchanged and adds the section "Use DIM or sizeof"; the latest revision is shown below.
Latest revision as of 17:42, 1 May 2007
Under "Walking the stack", the statement "the %n directive in printf()... takes an int* and writes the number of bytes so far to that location" is incorrect. "%n" is defined for the sscanf() function, but not for printf()... unless somebody knows of a non-standard implementation of C which does behave in this way, in which case that implementation should be identified.
Use DIM or sizeof
The good patterns section should suggest using either sizeof or the usual DIM macro instead of hard-coding the length of the buffer, i.e.:

    char smallBuffer[10]; // size of 10
    strncpy(smallBuffer, userId, sizeof smallBuffer);
    smallBuffer[sizeof smallBuffer - 1] = '\0'; // strncpy() leaves no terminator when userId fills the buffer
    ...
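As an added example (not the talk-page author's code, and not taken from the OWASP article under discussion), the following C program applies the sizeof/DIM suggestion to a small record type. The DIM macro definition, the struct session type, and the functions copy_bounded(), fill_session() and decayed_sizeof() are hypothetical names chosen for this example. It also covers two things the suggestion alone does not show: strncpy() bounded by sizeof still needs an explicit NUL terminator, and sizeof applied to an array parameter gives the size of a pointer, not of the array.

```c
/* Added example (not from the OWASP talk page): bounding a copy with
 * sizeof / a DIM macro instead of a hard-coded length, and NUL-terminating. */
#include <stdio.h>
#include <string.h>

/* The "usual DIM macro": element count of a real array (not of a pointer). */
#define DIM(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical record; field widths chosen for the example. */
struct session {
    char userId[10];
    char role[8];
};

/* Copies src into dst, bounded by the caller-supplied capacity, and always
 * NUL-terminates. Returns 1 if src fit entirely, 0 if it was truncated.
 * strncpy() alone leaves no terminator when src is cap bytes or longer. */
static int copy_bounded(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return 0;
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(src) < cap;
}

/* Fills a session from untrusted input. Every bound is derived from the
 * destination field itself, so changing a field width in the struct cannot
 * leave a stale hard-coded constant behind. Returns 1 if nothing was truncated. */
int fill_session(struct session *s, const char *userId, const char *role)
{
    int ok = 1;
    ok &= copy_bounded(s->userId, sizeof s->userId, userId);
    ok &= copy_bounded(s->role, DIM(s->role), role);
    return ok;
}

/* Caveat: an array parameter decays to a pointer, so sizeof buf here is
 * sizeof(char *), not 64, and DIM(buf) would be equally wrong. A bound taken
 * this way is too small or too large depending on the ABI; pass the capacity
 * explicitly, as copy_bounded() does. */
size_t decayed_sizeof(char buf[64])
{
    return sizeof buf; /* sizeof(char *), typically 8 on 64-bit targets */
}

int main(void)
{
    struct session s;
    /* Constructed inputs: the first pair fits, the second userId is too long. */
    int fit = fill_session(&s, "alice", "admin");
    int truncated = fill_session(&s, "averyveryverylongusername", "admin");
    printf("fit=%d truncated=%d userId=\"%s\" (len %zu, cap %zu)\n",
           fit, truncated, s.userId, strlen(s.userId), sizeof s.userId);
    return 0;
}
```

The bound for userId is written as `sizeof s->userId` and the bound for role as `DIM(s->role)` to show both spellings; for a char array they are the same number. Both stay correct if someone later widens a field, which a literal 10 or 8 would not.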