Thread: how to write save code?

  1. #1
    Registered User
    Join Date
    Jul 2007
    Posts
    88

    how to write save code?

    I want to learn how to write save code, I mean save against buffer overflow and such.

Is there an overview with all unsave functions from C Std, C++ Std and Boost + workaround described?

  2. #2
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    You mean SAFE code?

There are plenty of unsafe functions, some are only unsafe if you "use them wrong" or "use them in a particular way", and of course, even safe functions aren't safe if you use them wrong, e.g.:

    Code:
    ...
       char str[20];
    ...
       fgets(str, 200, stdin);
    ...
    This is definitely unsafe, as it allows 180 bytes overflow.

    Some of the most common unsafe functions:
    Code:
    strcpy()
    gets()
    {,f,s}scanf()   /* When using %s */
    But as I explained above, it's more about using functions correctly than which functions you use. If you check the strlen() before calling strcpy(), then it's fine.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  3. #3
    Registered User
    Join Date
    Jul 2007
    Posts
    88
    Quote Originally Posted by matsp View Post
    You mean SAFE code?
Yes, I misspelled. As you may have recognized, English is not my native language. It's difficult for me to get the exact meaning of this word, it can mean several things like
- "to save from destruction"
- "to be safe as houses".
If I translate it back it's quite similar. Maybe "secure code" would have been good?

    Quote Originally Posted by matsp View Post
There are plenty of unsafe functions
That's why I asked for some overview where they are listed.

  4. #4
Salem (and the hat of int overfl)
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    A lot of the safety comes down to how the functions are used by the programmer, so you just can't assume that you can attach a "safe" or "unsafe" label. As matsp has already shown, you can turn a safe function into a disaster area with a simple typo.

    For example,
    gets() is fundamentally unsafe, there is no possibility of ever using it in a safe manner.
    fgets() is safe, so long as you're honest about the size parameter.

    Then something like std::string is very safe unless you really go out of your way and try and modify the string by using the pointer returned by say the c_str() method.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  5. #5
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Quote Originally Posted by Salem View Post
    Then something like std::string is very safe unless you really go out of your way and try and modify the string by using the pointer returned by say the c_str() method.
You'd first have to get rid of the const on c_str(), right? Which means that you won't do it "by mistake" without jumping through some hoops.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  6. #6
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
Yes, I understand that English isn't your native language - it isn't mine either [but I started learning English thirty years or more ago, and I have been working with English and American companies for the last 15-20 years, and have been living in England for 12 years, so it may be hard to spot that I'm not a native speaker, especially in writing] and my comment was more to clarify that I was answering that sort of question, rather than to complain about your language - because I wanted to make sure that you weren't talking about "how do I save data to a file and then remove it" or some such.

So, now to "a list of unsafe functions", as explained by me and Salem, it is almost impossible to make a complete list of functions that are unsafe - any function that copies data from one place to another in some form, and where the calling code is supplying the buffer to write into, the function is essentially unsafe. It helps the function to be safer by passing size/length information to it, so that the function can check that the resulting data isn't overflowing the buffer - but it still assumes that the calling code is doing this correctly.

    Most C++ standard classes are safe, since the classes are owning the buffers that are written to. As to other libraries and sources, it will depend a bit on who provided that code and whether they were thinking about potential safety issues or not. Most likely, if it's a C++ class, it will be safer than the same functionality implemented in traditional C code - mostly because in the past, it was expected that the programmer would do some checking themselves to make sure that it worked right.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.
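The points made in posts #2, #4 and #6 (pass the real buffer size to fgets(), check strlen() before strcpy(), never use a bare "%s" with scanf(), and let the size travel with the buffer) as one worked C example. This is added code, not from any poster in the thread; the function names copy_if_fits, read_line, scan_word and the demo_* helpers are my own, and the input strings are constructed for the demo.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Bounded replacement for strcpy(): copy only if src (plus its NUL) fits.
 * Returns true on success; on failure dst is set to "" and nothing overflows.
 * This is the "check strlen() before calling strcpy()" rule as a function. */
bool copy_if_fits(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return false;
    size_t n = strlen(src);
    if (n >= dst_size) {        /* n + 1 bytes needed, only dst_size available */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);
    return true;
}

/* Bounded line reader built on fgets(). The size handed to fgets() is the
 * real buffer size, never a bigger number. Returns 1 if a complete line was
 * read, 0 if the line was longer than the buffer (the rest is discarded so
 * the next call starts on a fresh line), -1 on EOF or error. */
int read_line(char *buf, size_t buf_size, FILE *fp)
{
    if (buf_size == 0 || fgets(buf, (int)buf_size, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';    /* drop the newline, keep the terminator */
        return 1;
    }
    /* No newline seen: either the input ended, or the line was too long. */
    int c, overflowed = 0;
    while ((c = getc(fp)) != EOF && c != '\n')
        overflowed = 1;
    return overflowed ? 0 : 1;
}

/* Bounded word parse with sscanf(): the field width is derived from the
 * buffer size and written into the format string, so "%s" is never unbounded. */
bool scan_word(const char *input, char *out, size_t out_size)
{
    char fmt[16];
    if (out_size < 2)
        return false;
    snprintf(fmt, sizeof fmt, "%%%zus", out_size - 1);   /* e.g. "%19s" */
    return sscanf(input, fmt, out) == 1;
}

/* Demo helpers using a fixed 20-byte buffer, like the str[20] in post #2.
 * sizeof str is the only size ever passed down, so it cannot drift. */
int demo_copy(const char *src)
{
    char str[20];
    return copy_if_fits(str, sizeof str, src) ? (int)strlen(str) : -1;
}

/* Feed constructed input through read_line() with a 20-byte buffer; returns
 * how many lines would have overflowed a naive fgets(str, 200, stdin). */
int demo_lines(void)
{
    static const char input[] =           /* constructed sample input */
        "short line\n"
        "this line is far longer than the twenty byte buffer allows\n"
        "exactly-19-chars!!!\n"
        "tail";
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    fputs(input, fp);
    rewind(fp);
    char str[20];
    int overflowed = 0, rc;
    while ((rc = read_line(str, sizeof str, fp)) != -1)
        if (rc == 0)
            overflowed++;
    fclose(fp);
    return overflowed;
}

int demo_scan(void)
{
    char word[20];
    /* Constructed input: a 40-character token, which a bare %s would spill. */
    return scan_word("abcdefghijklmnopqrstuvwxyz0123456789ABCD rest",
                     word, sizeof word) ? (int)strlen(word) : -1;
}

int main(void)
{
    printf("copy accepted, length %d\n", demo_copy("fits in twenty"));
    printf("copy rejected: %d\n", demo_copy("this is longer than nineteen chars"));
    printf("lines too long for the buffer: %d\n", demo_lines());
    printf("scanned word length: %d\n", demo_scan());
    return 0;
}
```

The recurring design choice is that every function takes the buffer and its size as a pair and the caller always derives the size with sizeof on the array itself; the 200-for-20 typo from post #2 cannot happen when no literal size is ever typed.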

  7. #7
Salem (and the hat of int overfl)
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    > You'd first have to get rid of the const on c_str(), right?
    True.
    You can only raise the bar, but some people will always find a way to get over it though

    The only way to be really safe is to pick a language which removes all responsibility for managing storage from the user. Even then, you have to make sure that what the user enters is 'safe' to process.

    Sure you can read the string in safely using fgets(), but if you don't validate it, you leave another door open.
    http://en.wikipedia.org/wiki/Sql_injection_attack
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
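Salem's last point, that a string read safely with fgets() still has to be validated before it is used, as an added C example (my own code, not from the thread). It assumes the value has already been read into a bounded buffer; the function names valid_username and parse_port and the rules they enforce (allowlist of characters, length range, numeric range) are choices made for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allowlist check for a username that has already been read with a bounded
 * fgets() and had its newline removed: ASCII letters, digits and '_' only,
 * length 3..16. Rejecting everything else up front means the value cannot
 * carry quotes, spaces or control characters into whatever consumes it later
 * (a database query, a shell command, a log line). */
bool valid_username(const char *s)
{
    size_t len = strlen(s);
    if (len < 3 || len > 16)
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '_')
            return false;
    }
    return true;
}

/* Parse a TCP port from text: the whole string must be a plain decimal number
 * in 1..65535. atoi() would silently accept "80abc" or wrap on overflow;
 * strtol() plus the checks below does not. Returns the port, or -1. */
int parse_port(const char *s)
{
    if (!isdigit((unsigned char)s[0]))   /* no leading space, sign or empty string */
        return -1;
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (*end != '\0')                    /* trailing junk such as "80abc" */
        return -1;
    if (errno == ERANGE || v < 1 || v > 65535)
        return -1;
    return (int)v;
}

/* Run a batch of constructed inputs through both validators and return how
 * many were rejected; these strings stand in for what fgets() would deliver. */
int demo_rejections(void)
{
    static const char *const names[] = { "alice_01", "al", "bob smith", "carol-x" };
    static const char *const ports[] = { "8080", "80abc", "0", "99999", " 80" };
    int rejected = 0;
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (!valid_username(names[i]))
            rejected++;
    for (size_t i = 0; i < sizeof ports / sizeof ports[0]; i++)
        if (parse_port(ports[i]) == -1)
            rejected++;
    return rejected;
}

int main(void)
{
    printf("rejected inputs: %d of 9\n", demo_rejections());
    return 0;
}
```

Validation is written as an allowlist (what is permitted) rather than a denylist (known bad characters), because the second approach has to anticipate every consumer of the data, and the doors Salem mentions are exactly the ones nobody anticipated.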
