Menu
Please correct me if I'm wrong, I research in the site but can't find any consolidated post for this problem. There are many unsafe functions in C that can lead to buffer overflow and they have the safe functions to replace them. I have a few:
gets() === replace by === fgets()
sprintf() === replace by === ?strcat() === replace by === ?strcpy() === replace by === strncpy()
vsprintf() === replace by === vsnprintf()
Also, I stuck with the unsafe byte copy and unsafe byte input code below. How can I fix the problems? Why does this code have vulnerability?
int copy_buf (char *to, int pos, char *from, int len)
{
int i;
for (i=0;i<len;<i++){
to[pos] = from [i];
pos++;
}
return pos
}
For the byte input, is the fread() unsafe function? Why does the buffer overflow happen here?
short read_chunk(FILE fil, char *to)
{
short len;
fread(&len, 2, 1, fil);
fread(to, 1, len, fil);
return len;
}
718
Using strcpy() function to copy a large character array into a smaller one is dangerous, but if the string will fit, then it will not be worth the risk. If the destination string is not large enough to store the source string then the behavior of strcpy() is unspecified or undefined.
The strncat() function is too easy to misuse; it should not be used.
strncpy is not a safe replacement for strcpy. In fact, these functions are unrelated, despite the unfortunate similarity in the naming. Safe replacement for strcpy is a non-standard function strlcpy provided by some *nix implementations as an extension. Usage of strncpy for "safe" string copying is an immediate sign of incompetent code.
Another group of unsafe functions (albeit unsafe for a different reason) are functions from ato.. group: atoi, atof, atol and so on. These functions trigger undefined behavior in case of overflow. Their safe replacements are functions from strto... group: strtol, strtod and such.
There's nothing "unsafe" about your copy_buf function in a sense that it provides the calling code with all means necessary to perform a safe call to copy_buf. The responsibility to pass the correct values in this case is placed on the caller.
Your read_chunk function is much more dangerous, since the calling code has no way of knowing how big the buffer is supposed to be. There's no perfect solution for this function that would work well with a buffer passed from outside. It makes sense to at least make the calling code to pass the size of the buffer as well. This will allow read_chunk to make sure the buffer is not overflowed. Also, read_chunk should inform the calling code about incomplete reads. You should provide the caller with means to complete the read.
125
Here is the List of Some unsafe C Functions with their replaced New Function
Certain functions behave in dangerous ways regardless of how they are used. Functions in this category were often implemented without taking security concerns into account. The gets() function is unsafe because it does not perform bounds checking on the size of its input.
An attacker can easily send arbitrarily-sized input to gets() and overflow the destination buffer. Similarly, the >> operator is unsafe to use when reading into a statically-allocated character array because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to the >> operator and overflow the destination buffer.
The code below calls gets() to read information into a buffer.
char buf[24];
printf("Please enter your name and press <Enter>\n");
gets(buf);
...
}
However, the programmer uses the function gets() which is inherently unsafe because it blindly copies all input from STDIN to the buffer without checking size. This allows the user to provide a string that is larger than the buffer size, resulting in an overflow condition
You can read More about Dangers in C/C++ further here..
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
