Security Basics mailing list archives
Re: Any reason not to use strcpy, strcat or scanf?
From: Hollis Johnson <hollis () cisco com>
Date: Wed, 14 Jul 2004 13:01:03 -0700
A.V.,

To my knowledge there is no "unpredictable" behavior per se. However.....
If you run the stop sign at the end of the street eventually you will get a ticket....
So, if you practice using strncpy/strncat/scanf w/ %80s you KNOW you don't have to ask yourself.... "Can I use it in this instance safely?"
That's our approach.

At 12:59 PM 7/14/2004 +0200, A.V. wrote:
Hi,

I was simply wondering after seeing the "blackhat audit" program sent to F-D whether there was actually any reason not to use these functions (strcpy/strcat/scanf) in your code. I mean, I understand why you shouldn't use scanf to i.e. process user input, but other than that? Some kind of unexpected behaviour or something?

Thanks,
A.V.
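An added example, not part of the original message or thread: the bounded calls named in the reply (strncpy, strncat, and a %80s width) each have a sizing rule that has to be followed for the bound to hold. The helper names bounded_copy, bounded_append and read_word80 are hypothetical, and sscanf stands in for scanf so the sample input can be embedded; the %80s conversion behaves the same way.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity cap). strncpy leaves dst unterminated when
   src has cap or more characters, so terminate explicitly.
   Returns 1 if src was truncated, 0 if it fit. */
int bounded_copy(char *dst, size_t cap, const char *src)
{
    if (cap == 0)
        return 1;
    strncpy(dst, src, cap - 1);
    dst[cap - 1] = '\0';
    return strlen(src) >= cap;
}

/* Append src to the string in dst (capacity cap). strncat's count is the
   maximum number of characters to append, not the buffer size, and it
   writes one more byte for the terminator.
   Returns 1 if src was truncated, 0 if it fit. */
int bounded_append(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    if (used >= cap)
        return 1;
    size_t room = cap - used - 1;
    strncat(dst, src, room);
    return strlen(src) > room;
}

/* Read one whitespace-delimited word of at most 80 characters.
   "%80s" stores up to 80 characters plus a terminator, so the
   destination must hold 81 bytes. Returns 1 if a word was read. */
int read_word80(const char *line, char out[81])
{
    return sscanf(line, "%80s", out) == 1;
}

int main(void)
{
    char name[8];      /* constructed sample inputs below */
    char word[81];
    int cut = bounded_copy(name, sizeof name, "much too long");
    printf("copy:   \"%s\" truncated=%d\n", name, cut);
    cut = bounded_append(name, sizeof name, "!");
    printf("append: \"%s\" truncated=%d\n", name, cut);
    if (read_word80("hello world", word))
        printf("word:   \"%s\"\n", word);
    return 0;
}
```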
Current thread:
- Any reason not to use strcpy, strcat or scanf? A.V. (Jul 14)
- RE: Any reason not to use strcpy, strcat or scanf? David Gillett (Jul 15)
- Re: Any reason not to use strcpy, strcat or scanf? Hollis Johnson (Jul 15)
- Re: Any reason not to use strcpy, strcat or scanf? Kenny (Jul 16)
- RE: Any reason not to use strcpy, strcat or scanf? webb wang RR (Jul 16)
- <Possible follow-ups>
- RE: Any reason not to use strcpy, strcat or scanf? Keller, Tim (Jul 15)
- RE: Any reason not to use strcpy, strcat or scanf? Yvan Boily (Jul 16)
- Re: Any reason not to use strcpy, strcat or scanf? markzero (Jul 16)
- RE: Any reason not to use strcpy, strcat or scanf? Yvan Boily (Jul 16)
- RE: Any reason not to use strcpy, strcat or scanf? Rocky Heckman (Jul 16)
- RE: Any reason not to use strcpy, strcat or scanf? Yvan Boily (Jul 16)