Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer

from [Solar Designer] Network Security [Permanent Link]
Subject: safely concatenating strings in portable C (Re: GnuPG 1.4 and 2.0 buffer overflow)
Date: Thu, 30 Nov 2006 04:41:35 +0300 
On Mon, Nov 27, 2006 at 06:13:02PM +0100, Werner Koch wrote:

+    n = strlen(s) + (defname?strlen (defname):0) + 10;
     prompt = xmalloc(n);
     if( defname )
        sprintf(prompt, "%s [%s]: ", s, defname );

...

Note, that using snprintf would not have helped in
this case.  How I wish C-90 had introduced asprintf or at least it
would be available on more platforms.


Actually, if you dare to use snprintf() (either because you don't need
your code to be portable to platforms that lack snprintf() or because
you provide an implementation along with your application), then
implementing asprintf() on top of snprintf() is fairly easy (although
you do need to consider both snprintf() return value conventions).

However, in those (most common) cases when all you need is to concatenate
strings, relying on or providing an snprintf() implementation might be
an overkill.  For that reason, I wrote a trivial concat() function (for
popa3d) that should be much easier to audit than a full-blown *printf().
Please feel free to reuse it in any applications with no need to even
credit me (consider it hereby placed in the public domain, or you may
use it under the terms of the popa3d LICENSE).

The usage of concat() is as follows:

        prompt = concat(s, " [", defname, "]: ", NULL);

You may also define an xconcat() (that would exit the program if the
allocation fails).

The code may be found here:

        
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/popa3d/popa3d/misc.c?rev=HEAD

(it's the last function currently defined in that source file), or here
is the current revision:

#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
#include <limits.h>

char *concat(char *s1, ...)
{
        va_list args;
        char *s, *p, *result;
        unsigned long l, m, n;

        m = n = strlen(s1);
        va_start(args, s1);
        while ((s = va_arg(args, char *))) {
                l = strlen(s);
                if ((m += l) < l) break;
        }
        va_end(args);
        if (s || m >= INT_MAX) return NULL;

        result = malloc(m + 1);
        if (!result) return NULL;

        memcpy(p = result, s1, n);
        p += n;
        va_start(args, s1);
        while ((s = va_arg(args, char *))) {
                l = strlen(s);
                if ((n += l) < l || n > m) break;
                memcpy(p, s, l);
                p += l;
        }
        va_end(args);
        if (s || m != n || p - result != n) {
                free(result);
                return NULL;
        }

        *p = 0;
        return result;
}

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability, infection
Next by Date:  contentserv 4.x, capt . nem0
Previous by Thread:  GnuPG 1.4 and 2.0 buffer overflow, Werner Koch
Next by Thread:  CVE-2006-5815: remote code execution in ProFTPD, John Morrissey
Indexes:  [Date] [Thread] [Top] [All Lists]