Fixing up Qpopper
From: chris () FERRET LMH OX AC UK (Chris Evans)
Date: Mon, 29 Jun 1998 11:00:55 +0100
Everyone is scrambling around trying to analyse which sprintf()'s are
going to cause overflows in qpopper.
This is not the proper approach to security. It causes additional
overruns to be missed, as is witnessed by lots of "here's another one"
posts seen on the topic so far. There will always be some weird code path
that concatenates strings longer than you expected, etc.
Successful protection of security-related software commonly uses one of:
1) Bounds check _all_ copies. For example, samba just did a mass switch
from strcpy to strncpy. Of course, after a strncpy you must remember
to ensure the destination is properly null terminated.
2) When copying data, work out the required new length then make a new
buffer of required size on the fly. Lots of programs with very good
security records have used this approach.
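Both approaches from the post, written out as an added example (not code from the post or from qpopper; the function names are made up for illustration): a bounded copy that does the explicit null termination strncpy omits, and a copy that computes the required length first and allocates exactly that much.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Approach 1: bounded copy into a fixed-size buffer.
 * strncpy() does not write a terminator when the source fills the buffer,
 * so the terminator is written explicitly afterwards.
 * Returns 0 if the whole string fit, -1 if it was truncated. */
int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    if (dstlen == 0)
        return -1;
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';              /* the step the post warns about */
    return strlen(src) < dstlen ? 0 : -1;
}

/* Approach 2: work out the required length, then allocate a buffer of
 * that size on the fly.  Builds "user@host" with no fixed upper bound.
 * The caller frees the result; NULL is returned on allocation failure. */
char *join_user_host(const char *user, const char *host)
{
    size_t need = strlen(user) + 1 + strlen(host) + 1;  /* '@' and NUL */
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    /* snprintf() is bounded by the size just computed, so nothing is
     * cut off and nothing can run past the end of 'out'. */
    snprintf(out, need, "%s@%s", user, host);
    return out;
}

int main(void)
{
    char buf[8];                          /* deliberately small */
    int rc = bounded_copy(buf, sizeof buf, "way too long for buf");
    printf("bounded_copy -> rc=%d, buf=\"%s\"\n", rc, buf);
    char *s = join_user_host("alice", "example.org");
    if (s != NULL) {
        printf("join_user_host -> \"%s\"\n", s);
        free(s);
    }
    return 0;
}
```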