Linux Kills Strncpy
Introduction

The C string library is compact, fast and efficient. However, if it is not used correctly and carefully, it leads to buffer overrun errors that either crash the program or, worse, allow arbitrary code to execute. Hackers have found misuse of the C string functions to be a goldmine of security weaknesses to exploit. The Linux kernel is written in C and uses these string functions; its developers have spent a lot of time fixing problems in the kernel's string handling and improving the string library's API. The original root of many problems is strcpy(dest, src), which copies bytes from src to dest until a NUL terminator is reached. The problem arises if the src string is larger than the destination buffer, or if src isn't NUL-terminated at all.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Stephen Smith's Blog.
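As an added example (not code from the post or from the Linux kernel), the two failure modes the excerpt names, a source longer than the destination and a source with no terminator, shown first against strncpy and then against a bounded copy of my own that always terminates and reports truncation. The names `strncpy_terminates`, `bounded_copy`, `copy_into_buf`, `last_copy` and `copy_unterminated_sample`, and the sample inputs, are constructed for this demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* strncpy hazard: if src has `size` or more bytes before its NUL, strncpy
   writes no terminator at all. Returns 1 if dest ended up NUL-terminated. */
int strncpy_terminates(const char *src, size_t size) {
    char dest[16];
    if (size > sizeof dest) return -1;
    memset(dest, 'X', sizeof dest);          /* sentinel, so a missing NUL is visible */
    strncpy(dest, src, size);
    return memchr(dest, '\0', size) != NULL;
}

/* Bounded copy: reads at most `size` bytes of src, always terminates dest, and
   returns the copied length or -1 if src did not fit (dest holds a truncated copy). */
long bounded_copy(char *dest, const char *src, size_t size) {
    size_t len = 0;
    if (size == 0) return -1;
    while (len < size && src[len] != '\0')  /* bounded scan: safe for unterminated src */
        len++;
    if (len == size) {                       /* no NUL within size bytes: too long or unterminated */
        memcpy(dest, src, size - 1);
        dest[size - 1] = '\0';
        return -1;
    }
    memcpy(dest, src, len + 1);              /* len + 1 includes the terminator */
    return (long)len;
}

/* Helpers around a fixed 8-byte destination so results can be inspected. */
static char last[8];
long copy_into_buf(const char *src) { return bounded_copy(last, src, sizeof last); }
const char *last_copy(void) { return last; }
long copy_unterminated_sample(void) {
    char raw[4] = { 'a', 'b', 'c', 'd' };    /* constructed: no terminator anywhere */
    return bounded_copy(last, raw, sizeof raw);
}

int main(void) {
    printf("strncpy terminates \"hi\" into 8: %d\n", strncpy_terminates("hi", 8));
    printf("strncpy terminates \"abcdefgh\" into 8: %d\n", strncpy_terminates("abcdefgh", 8));
    printf("bounded_copy \"hello\": %ld -> \"%s\"\n", copy_into_buf("hello"), last_copy());
    printf("bounded_copy \"hello, world\": %ld -> \"%s\"\n", copy_into_buf("hello, world"), last_copy());
    printf("bounded_copy unterminated: %ld -> \"%s\"\n", copy_unterminated_sample(), last_copy());
    return 0;
}
```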