Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: kay () PHREEDOM ORG (kay)
Date: Sat, 15 Jan 2000 13:14:56 +0200
On Fri, Jan 14, 2000 at 04:08:41PM -0500, Bennett Todd wrote:
[snip]
]       char *a = something();
]       char *b = something_else();
]       int len = strlen(a) + strlen(b);
]       char *c = malloc(len + 1) || die("malloc");
]       (void) strcat(strcpy(c, a), b);
]
] BTW, what I ended up coding instead of that last line (as it grew
] way more complex) was equivalent to:
]
]       snprintf(c, len, "%s%s", a, b) > 0 || die "snprintf";

I would like to point out glib - it is available from ftp.gtk.org and its mirrors. It is mainly a utility function library, widely used in Gtk+ and GNOME, but it has nothing to do with GUI at all. Particularly interesting is its GString object (yes, object; OOP is possible in C). To quote the manual:

Description

A GString is similar to a standard C string, except that it grows automatically as text is appended or inserted. The space allocated for the string is always a power of two, so as the string grows it will occupy 2, 4, 8, 16, 32, 64, 128 etc. characters.

Details

    struct GString
    {
      gchar *str;
      gint len;
    };

The GString struct contains the public fields of a GString. The str field points to the character data. It may move as text is added. The len field contains the length of the string, not including the terminating null character.

The str field is zero-terminated and so can be used as an ordinary C string. But it may be moved when text is appended or inserted into the string.

And some of the functions available:

    GString* g_string_new(const gchar *init);
    GString* g_string_assign(GString *lval, const gchar *rval);
    void g_string_sprintf(GString *string, const gchar *format, ...);
    void g_string_sprintfa(GString *string, const gchar *format, ...);
    GString* g_string_append(GString *string, const gchar *val);
    GString* g_string_append_c(GString *string, gchar c);
    GString* g_string_prepend(GString *string, const gchar *val);
    GString* g_string_prepend_c(GString *string, gchar c);
    GString* g_string_insert(GString *string, gint pos, const gchar *val);
    GString* g_string_insert_c(GString *string, gint pos, gchar c);
    GString* g_string_erase(GString *string, gint pos, gint len);
    GString* g_string_truncate(GString *string, gint len);
    void g_string_free(GString *string, gint free_segment);

I find it pretty useful for security-sensitive applications. Also if the whole library is too big for your taste, you could always cut only the GString part - it is LGPL.

] -Bennett

--
key ID: 1024D/F00A7E3F (DSS)
user ID: kay <kay () phreedom org>
fingerprint: DDCC 1A8C 30C5 8C7B C7E3 8808 02C3 1A5D F00A 7E3F
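Added example, not part of the post above and not glib's code: a self-contained C version of the growable-string idea the quoted manual describes, with power-of-two capacity growth, overflow-checked length arithmetic, and a printf-style append that measures before it writes. The `dstr` type and the `dstr_*` function names are hypothetical, and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable string modelled on the quoted GString description; not glib code. */
typedef struct { char *str; size_t len, cap; } dstr;

/* Make room for `extra` more bytes plus the NUL; capacity stays a power of two. */
static int dstr_reserve(dstr *s, size_t extra) {
    if (extra >= SIZE_MAX - s->len) return -1;       /* len + extra + 1 would wrap */
    size_t need = s->len + extra + 1, cap = s->cap ? s->cap : 2;
    for (; cap < need; cap *= 2)
        if (cap > SIZE_MAX / 2) return -1;           /* doubling would wrap */
    if (cap == s->cap) return 0;
    char *p = realloc(s->str, cap);
    if (!p) return -1;                               /* old buffer stays valid */
    s->str = p; s->cap = cap;
    return 0;
}

/* Append a C string; val must not point into s->str, which may move. */
int dstr_append(dstr *s, const char *val) {
    size_t n = strlen(val);
    if (dstr_reserve(s, n) != 0) return -1;
    memcpy(s->str + s->len, val, n + 1);             /* copies the NUL too */
    s->len += n;
    return 0;
}

/* printf-style append: measure the output first, then format into reserved space. */
int dstr_appendf(dstr *s, const char *fmt, ...) {
    va_list ap, ap2;
    va_start(ap, fmt); va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (n < 0 || dstr_reserve(s, (size_t)n) != 0) { va_end(ap2); return -1; }
    vsnprintf(s->str + s->len, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    s->len += (size_t)n;
    return 0;
}

int main(void) {
    dstr c = {0};                                    /* constructed inputs below */
    if (dstr_append(&c, "foo") || dstr_appendf(&c, "%s-%d", "bar", 42)) return 1;
    printf("%s len=%zu cap=%zu\n", c.str, c.len, c.cap);
    free(c.str);
    return 0;
}
```

The caller never computes a destination size, so there is no length arithmetic to get wrong at the call site; the cost is that `str` can move on any append and must not be cached across calls.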