Date: Tue, 20 Oct 1998 18:44:46 +0100 (BST)
From: (Alan Cox) <alan@lxorguk.ukuu.org.uk>
To: (Chuck W.) <poke@oly.silverlink.net>
Subject: Re: "chat"
Cc: security-audit@ferret.lmh.ox.ac.uk
> Just curious, is there an official programming standard that, when
> followed strictly, has a tendency to create programs that are free of
> overflow problems?
There is no single method I've seen. qmail has its own distinct set of
string operations.
The general rules I would suggest are:

1. Always pass the length of a buffer into a function. If the length
is guaranteed to be a given size then document it and use a #define
so the size always does match.

2. Use snprintf and friends aggressively. If you don't use a function
that doesn't take length limits you will be a lot safer.

3. Except where there are performance issues or the size situation
is obvious then dynamically allocate objects.
Alan
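The three rules above applied to one small C routine, as an added example that is not part of the original mail: the buffer length travels with the buffer (rule 1), snprintf's return value is checked so truncation is reported rather than silently accepted (rule 2), and a second variant sizes the result dynamically (rule 3). The function names, the GREETING_MAX constant and the sample inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Rule 1: one #define that both caller and callee use, so the documented
 * size and the real size cannot drift apart. (Constructed for this example.) */
#define GREETING_MAX 64

/* Rules 1 and 2: the destination length is an explicit parameter and the
 * write goes through snprintf, which never exceeds outlen. snprintf returns
 * the length the full string would have had, so a value >= outlen means the
 * result was truncated; report that as an error instead of ignoring it.
 * Returns 0 on success, -1 on bad arguments or truncation. On -1 the buffer
 * is still NUL-terminated (snprintf guarantees that when outlen > 0). */
int format_greeting(char *out, size_t outlen, const char *user, const char *host)
{
    if (out == NULL || outlen == 0 || user == NULL || host == NULL)
        return -1;
    int n = snprintf(out, outlen, "Hello %s@%s", user, host);
    if (n < 0 || (size_t)n >= outlen)
        return -1;            /* would not fit: caller decides what to do */
    return 0;
}

/* Rule 3: when the size is not obvious up front, measure and allocate exactly.
 * The first snprintf with a NULL buffer and size 0 only computes the length.
 * Returns a malloc'd string the caller must free, or NULL on failure. */
char *format_greeting_alloc(const char *user, const char *host)
{
    if (user == NULL || host == NULL)
        return NULL;
    int n = snprintf(NULL, 0, "Hello %s@%s", user, host);
    if (n < 0)
        return NULL;
    size_t need = (size_t)n + 1;          /* +1 for the terminating NUL */
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    if (snprintf(buf, need, "Hello %s@%s", user, host) != n) {
        free(buf);                        /* inconsistent result: bail out */
        return NULL;
    }
    return buf;
}
```

The contrast with the unsafe pattern is that sprintf(out, ...) or strcpy(out, ...) would have no way to learn outlen at all, which is exactly the situation rule 1 rules out.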