This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [open-source] Re: Wish for 2002

Ben Laurie <> writes:

> Oh please! What's the first mail I read this morning? A post to Bugtraq
> about a buffer overflow in gzip (which, guess what, is a GNU app) that
> was incorrectly fixed using strncpy.

I think this directly supports Paul's point.

Why was there a fixed-length buffer in there at all?  Why was a fixed
buffer being used for data that could be of arbitrary length?  Could it be
of arbitrary length?  What's the correct size of the buffer?  Should it be
dynamically allocated?

What is the *real* problem in the source code?

Just switching from strncpy to strlcpy may paper over the problem and may
be slightly more secure, or it may just move a more subtle security
problem deeper into the code by truncating a string in a way that can be
exploited via some other more complicated attack.  But since it uses
strlcpy, people may then think the problem is resolved.

strlcpy is useful in situations where you want to just patch the problem
and don't want to deep analysis of the code to figure out why a buffer is
being used.  This is an appropriate approach for a porter to take.  It's
not clear to me that this is an appropriate approach for a maintainer to

Russ Allbery (             <>

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]