OpenBSD's strlcpy() and strlcat()

Short Description:

C UNIX FreeBSD OpenBSD NetBSD MacOS X Solaris. Attacks ... Both functions are defined in string.h for many UNIX variants including OpenBSD and ...



Content Inside:

Daniel Plakosh, Software Engineering Institute
Copyright 2005 Pearson Education, Inc.
2005-09-27
ID: 315 | Version: 4 | Date: 3/28/06 12:18:26 PM

Many UNIX variants provide the strlcpy() and strlcat() functions to copy and concatenate strings in a less error-prone manner.

Development Context

Copying and concatenating character strings

Technology Context

C, UNIX, FreeBSD, OpenBSD, NetBSD, MacOS X, Solaris

Attacks

Attacker executes arbitrary code on machine with permissions of compromised process or changes the behavior of the program.

Risk

The strcpy() and strcat() functions are a source of buffer overflow vulnerabilities.

Description

Many UNIX variants provide the strlcpy() and strlcat() functions to copy and concatenate strings in a less error-prone manner. The function prototypes are as follows:

    size_t strlcpy(char *dst, const char *src, size_t size);
    size_t strlcat(char *dst, const char *src, size_t size);

The strlcpy() function copies the null-terminated string from src to dst (up to size characters). The strlcat() function appends the null-terminated string src to the end of dst (but no more than size characters will be in the destination).

To help prevent writing outside the bounds of the array, the strlcpy() and strlcat() functions accept the full size of the destination string as a size parameter. For statically allocated buffers, this value is easily computed at compile time using the sizeof() operator.

Both functions guarantee that the destination string is null terminated for all nonzero-length buffers to prevent null-termination errors.

The strlcpy() and strlcat() functions return the total length of the string created. For strlcpy() that is simply the length of the source; for strlcat() it is the length of the destination (before concatenation) plus the length of the source.

To check for truncation, the programmer need only verify that the return value is l ...

Source: buildsecurityin.us-cert.gov
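The return-value convention described above, as an added example that is not part of the original article: a path join that rejects truncated results. ex_strlcpy(), ex_strlcat() and join_path() are hypothetical names written for this example so that it builds on C libraries without strlcpy()/strlcat(); the truncation test used (return value >= size) is the one given in the functions' manual page.

```c
#include <stdio.h>
#include <string.h>

/* Added stand-ins with the semantics described above, so the example
 * builds on C libraries that lack strlcpy()/strlcat(). Names are hypothetical. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';              /* always terminated when size > 0 */
    }
    return srclen;                  /* length of the string it tried to create */
}

size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')   /* never scan past the buffer */
        dstlen++;
    if (dstlen == size)             /* dst not terminated within size: leave it */
        return size + strlen(src);
    return dstlen + ex_strlcpy(dst + dstlen, src, size - dstlen);
}

/* Join dir and file into dst; 0 on success, -1 if the result was truncated. */
int join_path(char *dst, size_t size, const char *dir, const char *file)
{
    if (ex_strlcpy(dst, dir, size) >= size)
        return -1;
    if (ex_strlcat(dst, "/", size) >= size)
        return -1;
    if (ex_strlcat(dst, file, size) >= size)
        return -1;
    return 0;
}

int main(void)
{
    char path[16];                  /* constructed sample buffer */
    int rc = join_path(path, sizeof(path), "/etc", "passwd");
    printf("%d \"%s\"\n", rc, path);
    rc = join_path(path, sizeof(path), "/var/log", "messages.0");
    printf("%d \"%s\"\n", rc, path);
    return 0;
}
```

In the second call the buffer still holds a terminated string, but the -1 result tells the caller it is a truncated path and must not be used.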

