I wrote:
I tried out a "security checker" today that supposedly looks for
security-related properties of code. It mostly produced nonsense, but
it did find this: in sound.c, line 645, we do a strcpy. We are copying
into a stack buffer of fixed size (255 bytes). We are copying from
h->h_name, where h is a struct hostent * returned by gethostbyname().
Do we actually know that h->h_name must be 254 (+ 1 null terminator)
characters long or less? I don't see anything on the gethostbyname man
page that so indicates.
Vladimir Ivanovic wrote to tell me that he sees various definitions of
MAXHOSTNAMELEN, including 32, 64, and 255. He also pointed out that
POSIX defines a bound. According to the current POSIX spec, platforms
may define a constant named HOST_NAME_MAX in <limits.h> that gives the
length of the largest string that gethostbyname() will return. It also
states that they may fail to define that constant, in which case you
have to use sysconf() to find the right value. If HOST_NAME_MAX is
defined, then it must be no smaller than 255.
The upshot is that overrunning the buffer is unlikely, but possible,
since some systems may support host names of length > 255. Well, 254,
with the code in its present state.
Thanks, Vladimir!
--
Jerry James, Assistant Professor james(a)xemacs.org
Computer Science Department
http://www.cs.usu.edu/~jerry/
Utah State University