Ethereal-dev: Re: [Ethereal-dev] strcpy harmful, what?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Sat, 22 Oct 2005 11:46:00 +0200
Andrew Hood wrote:

> So include it (unless you have a problem with the BSD-style license),
> and let configure decide if it needs to be compiled. Quote:
>
> Availability
>
> The source code for strlcpy() and strlcat() is available free of charge
> and under a BSD-style license as part of the OpenBSD operating system.
> You may also download the code and its associated manual pages via
> anonymous ftp from ftp.openbsd.org in the directory
> /pub/OpenBSD/src/lib/libc/string. The source code for strlcpy() and
> strlcat() is in strlcpy.c and strlcat.c. The documentation (which uses
> the tmac.doc troff macros) may be found in strlcpy.3.

Ok, some background here.

I think that using strcpy (and strcat, which is "basically" the same thing in this regard) is commonly known to often cause security problems.

If you have a look at how strcpy is often used inside Ethereal, you'll notice that people tend to reimplement sprintf in some way. Doing this is just another way to invent new security problems.

Realizing this, it comes to the point of forcing (unskilled) developers to use secure functions. The easiest way to do this is to forbid the usage of functions known to cause trouble. And it's not only the function usage making trouble, but also the surroundings of that function.

Using a stack buffer to work with strcpy (and the like) is a common cause of security problems ...

Regards, ULFL
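
The pattern this message describes (strcpy/strcat used to hand-build what sprintf does, into a stack buffer), shown in bounded form as an added example that is not part of the original post and is not Ethereal or OpenBSD code. `my_strlcpy`, `my_strlcat`, `build_label` and `build_label_snprintf` are hypothetical names, and the two `my_` functions are a fresh sketch of the strlcpy()/strlcat() contract, not the OpenBSD source.

```c
#include <stdio.h>
#include <string.h>

/* Sketch of the strlcpy() contract (hypothetical, not the OpenBSD source):
 * copy at most size-1 bytes, terminate if size > 0, return strlen(src). */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;   /* a result >= size means the copy was truncated */
}

/* Append with the same contract: returns the length it tried to create. */
static size_t my_strlcat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    size_t used = end ? (size_t)(end - dst) : size;
    if (used == size) return size + strlen(src);  /* dst not terminated */
    return used + my_strlcpy(dst + used, src, size - used);
}

/* Unbounded form of the hand-made sprintf, for comparison only:
 *     char buf[16]; strcpy(buf, proto); strcat(buf, "."); strcat(buf, field);
 * Bounded form: returns 0, or -1 if the label was cut (still terminated). */
static int build_label(char *out, size_t size, const char *proto, const char *field)
{
    if (my_strlcpy(out, proto, size) >= size) return -1;
    if (my_strlcat(out, ".", size) >= size) return -1;
    if (my_strlcat(out, field, size) >= size) return -1;
    return 0;
}

/* The single bounded call that the pattern re-creates. */
static int build_label_snprintf(char *out, size_t size, const char *proto, const char *field)
{
    int n = snprintf(out, size, "%s.%s", proto, field);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

int main(void)
{
    char buf[16];   /* constructed sample input below */
    printf("%d %s\n", build_label(buf, sizeof buf, "ethereal", "very_long_field_name"), buf);
    return 0;
}
```

Both bounded forms report truncation through their return value, so the caller can decide whether a cut label is acceptable instead of silently writing past the stack buffer.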