From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from minnie.tuhs.org (minnie.tuhs.org [45.79.103.53]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 1989999f for ; Tue, 12 Nov 2019 22:42:11 +0000 (UTC) Received: by minnie.tuhs.org (Postfix, from userid 112) id 8BEEA9C146; Wed, 13 Nov 2019 08:42:10 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id C10AE9BB5B; Wed, 13 Nov 2019 08:41:56 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 6DEE19BB16; Wed, 13 Nov 2019 08:41:55 +1000 (AEST) Received: from fuz.su (fuz.su [5.135.162.8]) by minnie.tuhs.org (Postfix) with ESMTPS id 5A34F9BB16 for ; Wed, 13 Nov 2019 08:41:54 +1000 (AEST) Received: from fuz.su (localhost [127.0.0.1]) by fuz.su (8.15.2/8.15.2) with ESMTPS id xACMfpQ7037686 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Tue, 12 Nov 2019 23:41:52 +0100 (CET) (envelope-from fuz@fuz.su) Received: (from fuz@localhost) by fuz.su (8.15.2/8.15.2/Submit) id xACMfp1P037685 for tuhs@tuhs.org; Tue, 12 Nov 2019 23:41:51 +0100 (CET) (envelope-from fuz) Date: Tue, 12 Nov 2019 23:41:51 +0100 From: Robert Clausecker To: tuhs@tuhs.org Message-ID: <20191112224151.GA36336@fuz.su> References: <1573592179.5935.for-standards-violators@oclsc.org> <20191112221053.C2009156E80B@mail.bitblocks.com> <20191112221418.GJ16268@mcvoy.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20191112221418.GJ16268@mcvoy.com> User-Agent: Mutt/1.12.2 (2019-09-21) Subject: Re: [TUHS] buffer overflow (Re: Happy birthday Morris worm X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" Oh please no. One of the things we've hopefully all learned from Pascal is that length-prefixed strings suck because you can't perform anything useful without copying the entire string. Rob Pike and friends showed how to get strings and vectors right in the Go language where you have a builtin slice type which is essentially a structure struct slice(type) { type *data; size_t len, cap; }; where data points to a buffer, len is the length of meaningful data in that buffer and cap is the total buffer size. This allows the language to take subslices and to append to existing slices without requiring copies in most cases. If a copy is necessary, the runtime can allocate a slightly larger buffer in advance to allow for appending in amortised linear time. Overall, much more versatile than Pascal strings. But let's get back to the topic, after all I promised not to flame as much as Jörg did. Yours, Robert Clausecker On Tue, Nov 12, 2019 at 02:14:18PM -0800, Larry McVoy wrote: > On Tue, Nov 12, 2019 at 02:10:46PM -0800, Bakul Shah wrote: > > On Tue, 12 Nov 2019 15:56:15 -0500 Norman Wilson wrote: > > > > > > My longer-term reaction was to completely drop my sloppy > > > old habit (common in those days not just in my code but in > > > that of many others) of ignoring possible buffer overflows. > > > I find it mind-boggling that people still make that mistake; > > > it has been literal decades since the lesson was rubbed in > > > our community's collective noses. I am very disappointed > > > that programming education seems not to care enough about > > > this sort of thing, even today. > > > > Unfortunately strcpy & other buffer overflow friendly > > functions are still present in the C standard (I am looking at > > n2434.pdf, draft of Sept 25, 2019). Is C really not fixable? > > Someone needs to do Strcpy() etc that have the length in the > first bytes[s] of the string. > -- > --- > Larry McVoy lm at mcvoy.com http://www.mcvoy.com/lm -- () ascii ribbon campaign - for an 8-bit clean world /\ - against html email - against proprietary attachments