Full Disclosure mailing list archives
Re: C99 Security Alert-Old-New-Who-Cares :) - (:
From: Valdis.Kletnieks () vt edu
Date: Fri, 30 May 2003 11:41:38 -0400
On Fri, 30 May 2003 04:05:32 -0000, "democow ...." <democow8086 () hotmail com> said:
char * strcpy(char * dest,const char *src)
{
char *tmp = dest;
[1] while ((*dest++ = *src++) != '\0')
/* nothing */;
return tmp;
}
Kernighan & Ritchie, "The C Programming Language", had this in the first
edition - and correctly noted that this can be further optimized to:
while (*dest++ = *src++);
eliminating a comparison to '\0'. So not only is it insecure, but it's
inefficient, unless you have a *really* good optimizing compiler that can
tell that the comparison to null can be optimized away. And yes, you
need a *good* optimizer that can see that comparing to a null byte is
a special case (for instance, you can't optimize != '\n' the same way).
Attachment:
_bin
Description:
Current thread:
- C99 Security Alert-Old-New-Who-Cares :) - (: democow .... (May 29)
- Re: C99 Security Alert-Old-New-Who-Cares :) - (: Valdis . Kletnieks (May 30)
- <Possible follow-ups>
- RE: C99 Security Alert-Old-New-Who-Cares :) - (: Schmehl, Paul L (May 30)
