[TUHS] buffer overflow (Re: Happy birthday Morris worm
lm at mcvoy.com
Wed Nov 13 08:14:18 AEST 2019
On Tue, Nov 12, 2019 at 02:10:46PM -0800, Bakul Shah wrote:
> On Tue, 12 Nov 2019 15:56:15 -0500 Norman Wilson <norman at oclsc.org> wrote:
> > My longer-term reaction was to completely drop my sloppy
> > old habit (common in those days not just in my code but in
> > that of many others) of ignoring possible buffer overflows.
> > I find it mind-boggling that people still make that mistake;
> > it has been literal decades since the lesson was rubbed in
> > our community's collective noses. I am very disappointed
> > that programming education seems not to care enough about
> > this sort of thing, even today.
> Unfortunately strcpy & other buffer overflow friendly
> functions are still present in the C standard (I am looking at
> n2434.pdf, draft of Sept 25, 2019). Is C really not fixable?
Someone needs to do Strcpy() etc that have the length in the
first bytes[s] of the string.
Larry McVoy lm at mcvoy.com http://www.mcvoy.com/lm
More information about the TUHS