
Re: buffer overflow in /bin/gzip?



On Wed, Nov 21, 2001 at 12:47:49AM -0600, Bryan Andersen wrote:

> One thing I think is quite important is to get rid of calls to 
> routines that it is possible to buffer overflow.  OpenBSD has a 
> "feature" in their version of gcc that will cause a compile time 
> error message telling you when one of the standard library 
> routines known to be overflowable is used.

I hope strcpy() does not belong to this class. It's quite common to do
something like this:

int len = strlen(s);
char *new = (char *) malloc(len + 1);
strcpy(new, s);

This is perfectly fine.

strncpy() is even more dangerous, since it doesn't add a final nul-byte if
strlen(src) > n. Most people are not aware of this problem. So, most of
the time you use strncpy() you should use a construction like this:

strncpy(dst, src, len);
dst[len] = '\0';

 - Sebastian
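
Added example (not part of the original message): a small C program showing the two patterns discussed above, the malloc(len + 1) plus strcpy() copy and the missing terminator after strncpy(). The names dup_string, strncpy_left_unterminated and bounded_copy are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The malloc(len + 1) + strcpy() pattern, using size_t and a NULL check. */
char *dup_string(const char *s)
{
    size_t len = strlen(s);
    char *copy = malloc(len + 1);
    if (copy != NULL)
        strcpy(copy, s);          /* safe: copy holds len + 1 bytes */
    return copy;
}

/* Returns 1 if strncpy(dst, src, n) left no NUL anywhere in the n-byte
 * destination, 0 if it is terminated, -1 if allocation failed. */
int strncpy_left_unterminated(const char *src, size_t n)
{
    char *dst = malloc(n);
    int unterminated;
    if (dst == NULL)
        return -1;
    memset(dst, 'X', n);          /* make a missing terminator visible */
    strncpy(dst, src, n);
    unterminated = (memchr(dst, '\0', n) == NULL);
    free(dst);
    return unterminated;
}

/* Hypothetical helper: copy into a dstsize-byte buffer, always terminate,
 * return 0 on a full copy and -1 if src had to be truncated. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) < dstsize ? 0 : -1;
}

int main(void)
{
    char buf[4];                  /* constructed sample inputs below */
    int rc = bounded_copy(buf, sizeof buf, "abcdef");
    printf("short src unterminated: %d\n", strncpy_left_unterminated("abc", 8));
    printf("src fills n unterminated: %d\n", strncpy_left_unterminated("abcdefgh", 8));
    printf("bounded_copy rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

The second call shows that a source of exactly n characters already leaves the destination without a terminator, which is why the caller has to write the final '\0' itself.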


