Slashdot Mirror

← Back to Stories (view on slashdot.org)

String Cleanup Results On OpenBSD

Posted by timothy on Tuesday April 22, 2003 @02:17AM from the theo-apologizes-for-a-pun dept.

Dan writes "OpenBSD's Theo De Raadt provides an update on his team's efforts to remove potential buffer overflows within OpenBSD code by always calculating what the bounds of an operation are. They have been going through the source tree cleaning out all calls to sprintf(), strcpy(), and strcat(). Theo says that they have removed (replaced) approximately 2000 occurences of these functions." (The same buffer overrun-squashing effort was mentioned earlier this month.)

1 of 53 comments (clear)

Min score:

Reason:

Sort:

BSD Coding Standard. by UnknownSoldier · 2003-04-22 02:47 · Score: 3, Insightful

Does the BSD team have a list (or rules of thumb?) that mentions other safe coding practises? There has to be book on this, right? (I've always been impressed by the pro-active stance BSD takes towards security -- I just wish the rest of the commercial world could afford the time to do things right, instead of the cheesy no liability out-clause in the EULA.)

If most developers are still using these "trivial" funcs, I'm scared what other funcs are just as buggy!

Funny how one can forget all about these "harmless" bad practises. Time to add it to the internal coding standard. :)