[AD] Buffer security patch



The attached patch does the following:
- Adds an internal _al_sane_strncpy() to the library, since the ANSI
strncpy() is flawed. Also, strcpy() can be dangerous if the developer doesn't
add extra checks.
- Replaces every occurrence of strcpy() and strncpy() in the library with
_al_sane_strncpy() and corrects any off-by-one errors.
- Replaces every occurrence of strcat() with strncat() and corrects any
off-by-one errors.
- Also corrects any off-by-one errors in existing strncpy() instances.
- Corrects some seriously bad code where the developer writes to a static
buffer without even providing the means to check for buffer overflows, most
notably in src/mac/mfile.c IIRC.

The patch has not been tested except for the necessary build test, and I
have looked over the changes more than once. Still, the person who applies
the patch should double-check it.

I realize that in some places, for instance in the Windows code, there are
strcpy() calls which cannot overflow but were replaced with
_al_sane_strncpy() because it is good policy. Imagine some developer adding
another error message without taking the buffer size into consideration;
then, voila, you have a buffer overflow. I therefore strongly recommend that
these parts of the patch be applied as well.

Sincerely, Henrik Stokseth.

Attachment: buffer_securing.diff.bz2
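As an added example (not part of Henrik's message, and not the code from the attached patch, whose contents are not shown on this page), the following C program illustrates the two problems the patch targets: ANSI strncpy() leaves the destination unterminated when the source fills the buffer, and strncat()'s size argument is the remaining space, not the buffer size, so it needs the "minus one for the terminator" adjustment. The names sane_strncpy(), sane_strncat() and build_message() are hypothetical stand-ins, not Allegro's _al_sane_strncpy(), whose actual implementation is not on the page.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded copy in the spirit of the _al_sane_strncpy() the
 * patch describes (not Allegro's real implementation). Unlike ANSI
 * strncpy(), it always NUL-terminates dest when size > 0 and it does not
 * zero-pad the rest of the buffer. Truncates silently if src is too long. */
char *sane_strncpy(char *dest, const char *src, size_t size)
{
    size_t i = 0;
    if (size == 0)
        return dest;
    while (i < size - 1 && src[i] != '\0') {
        dest[i] = src[i];
        i++;
    }
    dest[i] = '\0';
    return dest;
}

/* Bounded append that takes the TOTAL size of dest. strncat()'s third
 * argument is the number of characters that may still be appended, so the
 * off-by-one the patch mentions is forgetting to subtract one for the NUL. */
char *sane_strncat(char *dest, const char *src, size_t size)
{
    size_t used = strlen(dest);
    if (used + 1 >= size)          /* no room left for even one character */
        return dest;
    strncat(dest, src, size - used - 1);
    return dest;
}

/* Builds "prefix: detail" into out (hypothetical error-message helper,
 * mirroring the "developer adds another error message" scenario).
 * Never writes past out[size - 1]; returns the resulting length. */
size_t build_message(char *out, size_t size, const char *prefix, const char *detail)
{
    sane_strncpy(out, prefix, size);
    sane_strncat(out, ": ", size);
    sane_strncat(out, detail, size);
    return strlen(out);
}

/* Shows the ANSI strncpy() flaw: when src has at least n characters, no
 * terminator is written. Returns 1 if buf ends up without any NUL byte. */
int ansi_strncpy_unterminated(void)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));
    strncpy(buf, "0123456789", sizeof(buf));   /* constructed oversize input */
    return memchr(buf, '\0', sizeof(buf)) == NULL;
}

/* Same input through the sane variant: returns 1 if buf is terminated and
 * holds the expected truncated string. */
int sane_strncpy_terminated(void)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));
    sane_strncpy(buf, "0123456789", sizeof(buf));
    return strcmp(buf, "0123456") == 0;
}

int main(void)
{
    char msg[16];                              /* deliberately one byte short */
    size_t n = build_message(msg, sizeof(msg), "Error", "disk full");
    printf("ANSI strncpy left buffer unterminated: %d\n", ansi_strncpy_unterminated());
    printf("sane_strncpy terminated correctly:     %d\n", sane_strncpy_terminated());
    printf("message (%zu chars, truncated, no overflow): \"%s\"\n", n, msg);
    return 0;
}
```

The design choice worth noting is that sane_strncat() takes the total buffer size rather than the remaining count, so every call site passes sizeof(buf) and the subtraction lives in one place; that is what removes the class of off-by-one the patch had to fix at each strncat() site individually.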


