Slashdot Mirror


String Cleanup Results On OpenBSD

Dan writes "OpenBSD's Theo De Raadt provides an update on his team's efforts to remove potential buffer overflows within OpenBSD code by always calculating what the bounds of an operation are. They have been going through the source tree cleaning out all calls to sprintf(), strcpy(), and strcat(). Theo says that they have removed (replaced) approximately 2000 occurrences of these functions." (The same buffer overrun-squashing effort was mentioned earlier this month.)

3 of 53 comments

  1. BSD Coding Standard. by UnknownSoldier · Score: 3, Insightful

    Does the BSD team have a list (or rules of thumb?) that mentions other safe coding practises? There has to be book on this, right? (I've always been impressed by the pro-active stance BSD takes towards security -- I just wish the rest of the commercial world could afford the time to do things right, instead of the cheesy no liability out-clause in the EULA.)

    If most developers are still using these "trivial" funcs, I'm scared what other funcs are just as buggy!

    Funny how one can forget all about these "harmless" bad practises. Time to add it to the internal coding standard. :)

    1. Re:BSD Coding Standard. by TilJ · Score: 4, Informative

      There's a summary of good practices at http://www.openbsd.org/porting.html#Security. The white papers that the team has produced (for example, on the str "l" variants) are also good reading.

      --
      "The purpose of argument is to change the nature of truth." -- Bene Gesserit Precept
  2. Because the functions don't spec. a buffer length by rklrkl · Score: 3, Informative

    If you check the man pages for the 3 functions, you'll see that they just take char * pointers with no lengths specified, so they'll just copy from the source data until they hit a zero char or cause a buffer overflow exception.

    To answer your question, it's not possible to replace the original functions in libc because there's no maximum length param in those functions (unlike the safer "n" equivalents like snprintf()).
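The before/after shape of the replacement rklrkl describes, as an added example (not code from the Slashdot post or from the OpenBSD tree): the unbounded strcpy()/strcat() form beside snprintf() and a locally reimplemented strlcpy(), with each function's return value used to detect truncation. The names my_strlcpy, build_greeting_unsafe, build_greeting_safe and copy_checked are assumptions, and my_strlcpy is defined here because not every libc ships strlcpy().

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Local reimplementation of OpenBSD's strlcpy() semantics (assumption: defined
 * here rather than taken from <string.h>, since not every libc provides it).
 * Copies at most size-1 bytes, always NUL-terminates when size > 0, and returns
 * strlen(src) so the caller can compare it against size to detect truncation. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The "before" form the cleanup removed: strcpy()/strcat() take no length, so
 * a `user` longer than the buffer writes past its end. Kept only for contrast;
 * nothing below calls it. */
void build_greeting_unsafe(char *buf, const char *user)
{
    strcpy(buf, "Hello, ");   /* no bound on the destination */
    strcat(buf, user);        /* overruns buf when user is long */
}

/* The "after" form: snprintf() bounded by the buffer size. snprintf() returns
 * the length the full string would have had, so a value >= buflen means the
 * output was truncated. Returns 1 if the result fit, 0 if it was truncated. */
static int build_greeting_safe(char *buf, size_t buflen, const char *user)
{
    int needed = snprintf(buf, buflen, "Hello, %s", user);
    return needed >= 0 && (size_t)needed < buflen;
}

/* Same fit/truncated check expressed with the strlcpy() return convention. */
static int copy_checked(char *dst, size_t dstlen, const char *src)
{
    return my_strlcpy(dst, src, dstlen) < dstlen;
}

int main(void)
{
    char buf[16];
    printf("%d\n", build_greeting_safe(buf, sizeof buf, "theo"));                  /* 1: fits */
    printf("%d\n", build_greeting_safe(buf, sizeof buf, "a-very-long-user-name")); /* 0: truncated */
    return 0;
}
```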