Comments on: String Theory (..for Windows) http://taossa.com/index.php/2007/01/09/string-theory-for-windows/ Continued ramblings on software security and code auditing Fri, 30 Jul 2010 13:23:55 +0000 http://wordpress.org/?v=2.0.5 by: Robin Keir http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-341 Thu, 22 Mar 2007 21:01:00 +0000 http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-341 One little gotcha with lstrcpyn(A/W) is that if the last parameter, the number of characters asked to be copied, is zero then nothing at all is done no characters are written, leaving youre destination buffer untouched. Imagine this: char szBuffer1[32]; char szBuffer2[] = Hello world; int nCharsToCopy = [some user supplied validated as >= 0]; lstrcpyn(szBuffer1, szBuffer2, nCharsToCopy); szBuffer1 is left completely uninitialized, potentially unterminated. One little gotcha with lstrcpyn(A/W) is that if the last parameter, the number of characters asked to be copied, is zero then nothing at all is done no characters are written, leaving youre destination buffer untouched.

Imagine this:

char szBuffer1[32];

char szBuffer2[] = Hello world;

int nCharsToCopy = [some user supplied validated as >= 0];

lstrcpyn(szBuffer1, szBuffer2, nCharsToCopy);

szBuffer1 is left completely uninitialized, potentially unterminated.

]]> by: mark http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-72 Fri, 12 Jan 2007 01:47:39 +0000 http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-72 ron: Thanks! Yeah, the scanf() family of functions might have been a good addition. I did consider it - essentially, there is a huge amount of string functions in addition to the ones i posted - *gets(), *scanf(), and many, many more if you look over MSDN. I just felt I should draw the line somewhere, because the post was getting quite large. Scanf() functions are a borderline case though, they are used with relative frequency, I suppose. anonymous: I know it, baby! ron: Thanks! Yeah, the scanf() family of functions might have been a good addition. I did consider it - essentially, there is a huge amount of string functions in addition to the ones i posted - *gets(), *scanf(), and many, many more if you look over MSDN. I just felt I should draw the line somewhere, because the post was getting quite large. Scanf() functions are a borderline case though, they are used with relative frequency, I suppose.

anonymous: I know it, baby!

]]> by: ron http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-69 Thu, 11 Jan 2007 16:31:50 +0000 http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-69 Good post, im surprised you didnt include the often misused sscanf() family. Good post, im surprised you didnt include the often misused sscanf() family.

]]> by: jm http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-66 Tue, 09 Jan 2007 15:01:05 +0000 http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-66 Good point, but I should explain that our primary concern is with auditing real-world code. So, even if there are safer ways of doing things, we have to focus on what people actually do in practice. Good point, but I should explain that our primary concern is with auditing real-world code. So, even if there are safer ways of doing things, we have to focus on what people actually do in practice.

]]> by: DrPizza http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-65 Tue, 09 Jan 2007 13:56:08 +0000 http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-65 I say this only because this post was tagged "C/C++", and because you mention functions that are supplied with VC++, but there is, of course, C++'s string library, which has two convenient properties: 1) it's counted (no annoying null termination to mess with) 2) it takes care of ensuring that the buffer is the right size for you I would argue that using the functions described in this post is unnecessarily complicated and that std::string/std::wstring are the only sensible string libraries that people should use. C strings are just asking for trouble. The only reasonable objection I think is the lack of a printf() equivalent, although this is not insurmountable (due to stringstreams and various parts of the Boost library). I say this only because this post was tagged “C/C++”, and because you mention functions that are supplied with VC++, but there is, of course, C++’s string library, which has two convenient properties:
1) it’s counted (no annoying null termination to mess with)
2) it takes care of ensuring that the buffer is the right size for you

I would argue that using the functions described in this post is unnecessarily complicated and that std::string/std::wstring are the only sensible string libraries that people should use. C strings are just asking for trouble. The only reasonable objection I think is the lack of a printf() equivalent, although this is not insurmountable (due to stringstreams and various parts of the Boost library).

]]> by: kumara http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-64 Tue, 09 Jan 2007 06:55:28 +0000 http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-64 thats really cool man thnx thats really cool man thnx

]]> by: anonymous http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-63 Tue, 09 Jan 2007 05:49:38 +0000 http://taossa.com/index.php/2007/01/09/string-theory-for-windows/#comment-63 mark is so sexy! mark is so sexy!

]]>