Security is the bits you disable before you ship

Jonathan Thornburg jthorn at aei.mpg.de
Mon Mar 21 08:55:20 EST 2005


On Wed, 16 Mar 2005, Russell Nelson wrote:
> I've seen Dan Bernstein (and you don't get much
> more careful or paranoid about security than Dan) write code like
> this:
>
> static char line[999];
>
>  len = 0;
>  len += fmt_ulong(line + len,rp);
>  len += fmt_str(line + len," , ");
>  len += fmt_ulong(line + len,lp);
>  len += fmt_str(line + len,"\r\n");
>
>
> Of course, the number of characters that fmt_ulong will insert is
> limited by the number of bits in an unsigned long, and both strings
> are of constant length.

Ick.  Why not the simpler/clearer (and hence safer -- complexity makes
it harder to find bugs of any sort, including security ones) snprintf()
call:

    #define N_LINE  999
    static char line[N_LINE];
    /* %lu is the conversion for unsigned long ("%ul" would be %u followed
     * by a literal 'l').  snprintf() returns the length the full line would
     * have had, so len >= N_LINE means the output was truncated. */
    len = snprintf(line, N_LINE, "%lu , %lu\r\n", rp, lp);

snprintf() first appeared in 4.4BSD and is now in C99, so any modern
system should support it by now.

ciao,

-- 
-- Jonathan Thornburg <jthorn at aei.mpg.de>
    Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
    Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html
    "Washing one's hands of the conflict between the powerful and the
     powerless means to side with the powerful, not to be neutral."
                                       -- quote by Freire / poster by Oxfam
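The bounded snprintf() version of the line formatter discussed above, written out as an added example (not code from the original post or from either author), with the return value checked so truncation is detected rather than silently producing a short line. N_LINE, format_line(), max_line_len() and the sample values are assumptions made for this example.

```c
/* Added example: bounded formatting of "<rp> , <lp>\r\n" with snprintf().
 * N_LINE, format_line() and max_line_len() are names assumed for this
 * example, not taken from the original post. */
#include <stdio.h>
#include <string.h>
#include <limits.h>

#define N_LINE 999

/* Writes "<rp> , <lp>\r\n" into buf (capacity n).  Returns the number of
 * characters written (excluding the NUL), or -1 if the line did not fit.
 * The conversion is %lu (unsigned long); "%ul" would print an unsigned
 * int followed by a literal 'l'. */
int format_line(char *buf, size_t n, unsigned long rp, unsigned long lp)
{
    int len;

    if (buf == NULL || n == 0)
        return -1;
    len = snprintf(buf, n, "%lu , %lu\r\n", rp, lp);
    /* snprintf() reports the length the full line *would* have had;
     * a value >= n means the output was cut short (but NUL-terminated). */
    if (len < 0 || (size_t)len >= n)
        return -1;
    return len;
}

/* Longest line the format can produce: two ULONG_MAX values plus " , \r\n".
 * With a 999-byte buffer this always fits, which is the property the
 * fmt_ulong/fmt_str arithmetic in the quoted code relies on implicitly. */
int max_line_len(void)
{
    return snprintf(NULL, 0, "%lu , %lu\r\n", ULONG_MAX, ULONG_MAX);
}

int main(void)
{
    static char line[N_LINE];
    char tiny[8];               /* deliberately undersized buffer */
    int len = format_line(line, sizeof line, 42UL, 7UL);

    printf("len=%d line=%s", len, line);            /* len=8 line=42 , 7 */
    printf("max=%d\n", max_line_len());
    /* Undersized buffer: truncation is reported, nothing written past it. */
    printf("tiny=%d\n", format_line(tiny, sizeof tiny, 123456UL, 7UL)); /* -1 */
    return 0;
}
```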


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


