> You really think that aborting the program is the right behavior when a string is too long?
Yes, obviously yes. You are now outside the parameters of the program as written and the only 100% safe thing to do is just stop.
Or do you know of a magic solution that's not subject to silent truncation attacks?
The ups and downs of strlcpy()
Posted Jul 20, 2012 17:51 UTC (Fri) by jimparis (subscriber, #38647)
> Yes, obviously yes. You are now outside the parameters of the program as written and the only 100% safe thing to do is just stop.
It's not obvious, and it's not always true. Security is hard and there's not always one single answer.
If my code is trying to concatenate "/etc/passwd" and ".bak", then yes, it is likely better to stop executing rather than fail to append the suffix.
But if my code is a web server reading someone's preferred subtitle from a form, it's likely better to truncate "Jimparis the magnificent" to just "Jimparis the magni" if it can't fit in my buffer -- the rest of the code will behave no differently than if the user had just typed the truncated version in the first place, while bringing down a whole server process can easily turn into a DoS.
Posted Jul 20, 2012 18:29 UTC (Fri) by quotemstr (subscriber, #45331)
If you want that behavior, you can ask for it. If the programmer doesn't specify, the safer thing to do is abort. You'll notice an abort and fix it fast. You might not notice a truncation vulnerability until it's too late.
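An added example, not code from LWN or from either commenter, showing both positions above in C. It relies on the BSD strlcpy() contract (the return value is the length it tried to create, so truncation is detectable as `ret >= size`), re-implemented locally as `my_strlcpy` so it builds where libc lacks it. The `copy_policy` enum, `copy_str` and `copy_or_die` are hypothetical helpers: the caller must opt in to truncation, as quotemstr suggests, and the default refuses the copy. The two inputs are the ones jimparis describes, constructed here as literals: a backup filename that would truncate to a different, existing path, and a form subtitle that merely gets shorter.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-in for BSD strlcpy(): copies at most size-1 bytes, always
 * NUL-terminates when size > 0, and returns strlen(src).  Truncation
 * happened exactly when the return value is >= size. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size) {
        size_t copy = n < size - 1 ? n : size - 1;
        memcpy(dst, src, copy);
        dst[copy] = '\0';
    }
    return n;
}

/* Hypothetical policy: the caller says whether a shortened result is acceptable. */
enum copy_policy { COPY_MUST_FIT, COPY_MAY_TRUNCATE };

enum copy_result { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_REFUSED = 2 };

/* Copy src into dst[size].  Under COPY_MAY_TRUNCATE a too-long src yields
 * its longest prefix and COPY_TRUNCATED; under COPY_MUST_FIT the partial
 * result is wiped (so nothing downstream can use it) and COPY_REFUSED is
 * returned for the caller to act on. */
static enum copy_result copy_str(char *dst, size_t size, const char *src,
                                 enum copy_policy policy)
{
    size_t need = my_strlcpy(dst, src, size);
    if (need < size)
        return COPY_OK;                 /* fit, terminator included */
    if (policy == COPY_MAY_TRUNCATE)
        return COPY_TRUNCATED;          /* caller asked for the prefix */
    if (size)
        dst[0] = '\0';                  /* never leave a silently shortened value */
    return COPY_REFUSED;
}

/* The default quotemstr argues for: nobody asked for truncation, so stop.
 * A noisy abort gets noticed and fixed; a quiet prefix does not. */
static void copy_or_die(char *dst, size_t size, const char *src)
{
    if (copy_str(dst, size, src, COPY_MUST_FIT) != COPY_OK) {
        fprintf(stderr, "copy_or_die: %zu-byte buffer cannot hold \"%s\"\n",
                size, src);
        abort();
    }
}

int main(void)
{
    /* Case 1: "/etc/passwd" + ".bak" into a buffer sized for the original
     * path.  Silent truncation turns the backup name back into the live
     * file: a correct-looking, existing, wrong path. */
    char path[12];
    enum copy_result r = copy_str(path, sizeof path, "/etc/passwd.bak",
                                  COPY_MAY_TRUNCATE);
    printf("opted-in truncation: result=%d path=\"%s\"\n", r, path);
    r = copy_str(path, sizeof path, "/etc/passwd.bak", COPY_MUST_FIT);
    printf("must-fit: result=%d path=\"%s\"\n", r, path);

    /* Case 2: a user's preferred subtitle; a shorter string is harmless,
     * so the caller explicitly opts in. */
    char subtitle[19];
    r = copy_str(subtitle, sizeof subtitle, "Jimparis the magnificent",
                 COPY_MAY_TRUNCATE);
    printf("subtitle: result=%d \"%s\"\n", r, subtitle);

    /* copy_or_die with an input that fits never aborts. */
    copy_or_die(subtitle, sizeof subtitle, "Jimparis");
    printf("short subtitle: \"%s\"\n", subtitle);
    return 0;
}
```

The point of the `COPY_REFUSED` path is that the buffer is cleared before the caller is told, so a caller that forgets to check the return value still cannot operate on `/etc/passwd` when it meant `/etc/passwd.bak`; `copy_or_die` is the stricter wrapper for code that would rather crash than continue.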
Posted Jul 20, 2012 20:31 UTC (Fri) by bronson (subscriber, #4806)
So what's the only safe thing for libc to do when it notices that initial conditions are invalid?
Posted Jul 21, 2012 4:19 UTC (Sat) by cmccabe (guest, #60281)
We all make copy and paste errors and all other things being equal, long, hard to inspect C code is less secure than short and clear code.
Posted Jul 25, 2012 2:00 UTC (Wed) by bronson (subscriber, #4806)
I agree with the rest of your comment.
Copyright © 2013, Eklektix, Inc.