[Cryptography] bounded pointers in C
Peter Fairbrother
zenadsl6186 at zen.co.uk
Fri Apr 18 14:36:38 EDT 2014
On 18/04/14 18:51, Viktor Dukhovni wrote:
> On Fri, Apr 18, 2014 at 01:53:02PM +0100, Peter Fairbrother wrote:
>
>> Now if C had proper bounded pointers for strings and arrays, then using
>> malloc and memcpy would throw out a big flag - why on Earth are you using
>> this dangerous stuff instead of the nice safe string/array commands? - but
>> as C doesn't have nice safe string/array commands ...
>
> Well written C software solves this with suitable string libraries,
> which though they are not part of the base language, are used
> consistently to handle variable length character data.
>
> - Perl, Tcl, Python, ... all have internal data types that
> are strings with a length.
>
> - Postfix has "vstring" and "vstream".
>
> A major step forward would be to simply extend the standard library
> with a suitably safe set of new interfaces. Basically safe strings
> and a safe stdio library that works with these. We don't have to
> make incompatible changes to the language.
>
I think, in order to prevent C programmers, and all the old C code, from
using the same old unchecked shit in all its forms, we actually do have
to make incompatible changes.
It is not just required, it is a requirement; so that at least all that
old code will be put through a code checker.
It's 30 years overdue for the standard everyday implementations of
strings and arrays to be bounds-checked.
But you can't do only that nowadays, as people use malloc, memcpy etc to
manipulate what are really strings and arrays, perhaps because they are
more convenient or give better performance, or perhaps because that's
just what they are used to.
And all those other unbounds-checked options have to be checked out too.
Now that's not to say that we can't simply replace the str... where they
have been used - but that is not enough.
-- Peter Fairbrother
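As an added example (not code from the thread, and not Postfix's vstring), here is the kind of length-carrying string type Viktor describes: the bounds check lives once inside the library, so a caller cannot overrun the buffer the way an unchecked strcpy or memcpy into a fixed array can. The bstr names are made up for this illustration.

```c
/* Added example: a minimal length-carrying C string (names are hypothetical).
 * Each write checks the stored capacity and refuses oversized input instead
 * of running past the end of the buffer. */
#include <string.h>
#include <stdlib.h>

typedef struct {
    char  *buf;   /* always NUL-terminated, so it can still be passed to C APIs */
    size_t len;   /* bytes in use, excluding the terminator */
    size_t cap;   /* usable bytes, excluding the terminator */
} bstr;

/* Allocate a string able to hold up to cap bytes. Returns 0 on success. */
int bstr_init(bstr *s, size_t cap)
{
    s->buf = malloc(cap + 1);
    if (s->buf == NULL) return -1;
    s->buf[0] = '\0';
    s->len = 0;
    s->cap = cap;
    return 0;
}

/* Append n bytes from src. Returns -1 and leaves s unchanged when the result
 * would not fit: this is the check the base library leaves to every caller. */
int bstr_append(bstr *s, const char *src, size_t n)
{
    if (n > s->cap - s->len) return -1;   /* reject rather than silently truncate */
    memcpy(s->buf + s->len, src, n);
    s->len += n;
    s->buf[s->len] = '\0';
    return 0;
}

void bstr_free(bstr *s) { free(s->buf); s->buf = NULL; s->len = s->cap = 0; }

/* Constructed usage: capacity 8; "hello" fits, "world!" would make 11 and is refused. */
int bstr_demo(void)
{
    bstr s;
    if (bstr_init(&s, 8) != 0) return -1;
    int a = bstr_append(&s, "hello", 5);    /* fits: len becomes 5 */
    int b = bstr_append(&s, "world!", 6);   /* 5 + 6 > 8: rejected, s still "hello" */
    int ok = (a == 0 && b == -1 && s.len == 5 && strcmp(s.buf, "hello") == 0);
    bstr_free(&s);
    return ok ? 0 : -1;
}
```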