Re: Cross-site scripting

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 31 Oct 2000 08:38:46 +1100

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: <squid-dev@squid-cache.org>
Sent: Tuesday, October 31, 2000 6:16 AM
Subject: Re: Cross-site scripting

> Robert Collins wrote:
>
> > Why the extra snprintf? Is "#&%03d;", (int)char) not safe?
>
> It is, except that many consider sprintf totally unsafe and not suitable
> for any use. I am one of them.

That's cool.

>
> I selected the current design as a middleground between secure coding
> style, code readability and efficiency. It is not perfect in any of the
> areas, but I think good enough in all..
>
> > I thought it was things like xprintf(mychar*) that were problems.
>
> Any unbounded operation is a problem. A sprintf with an integer format
> string where the value is typecast via char is bounded, but automated
> auditing tools have a hard time realising that this call is different
> from one where the integer starts out as an integer..
>
> %03d is "At least three positions", and expands as needed to fit the
> integer. So the upper bound of the format string is fairly higher than
> your reserved space.

Oops. Yes, I see.

Rob
>
> Anyway, the note about MemBuf applies to all of this. When using a
> MemBuf one does not have to care about the size of the output buffer,
> the MemBuf does that automatically for you. By using a MemBuf the code
> can get both more securely designed and less complicated.
>
> /Henrik
>
>
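Henrik's two points above, that "%03d" is only a minimum width and that a MemBuf-style growing buffer removes the size bookkeeping, as an added C example that is not Squid code or Henrik's patch; the function names are mine, the growing buffer is a plain realloc stand-in for MemBuf, and the escape format is taken to be "&#%03d;" (an HTML numeric character reference).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Bytes needed for one value as "&#%03d;". "%03d" is a minimum width, not a
 * maximum: (signed char)0x80 = -128 gives 7 ("&#-128;"), (unsigned char)0x80 = 128 gives 6. */
int entity_len(int v)
{
    return snprintf(NULL, 0, "&#%03d;", v);
}

/* Fixed-buffer escaper: each byte of in[0..inlen) becomes "&#ddd;". Widening via
 * unsigned char keeps the value in 0..255 (three digits), and snprintf's return is
 * checked against the space left so truncation is reported (-1), never silent. */
int html_escape_bounded(const char *in, size_t inlen, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < inlen; i++) {
        int n = snprintf(out + used, outsz - used, "&#%03d;", (unsigned char)in[i]);
        if (n < 0 || (size_t)n >= outsz - used) {
            out[used] = '\0';                /* drop the partial entity */
            return -1;
        }
        used += (size_t)n;
    }
    return (int)used;                        /* bytes written, excluding the NUL */
}

/* Growing-buffer escaper, the MemBuf idea: realloc to fit, so the caller never
 * reasons about output size. Returns a malloc'd string (caller frees) or NULL. */
char *html_escape_grow(const char *in, size_t inlen)
{
    size_t cap = 16, used = 0;
    char *buf = calloc(cap, 1);              /* zeroed, so "" for inlen == 0 */
    if (!buf) return NULL;
    for (size_t i = 0; i < inlen; i++) {
        int v = (unsigned char)in[i];
        size_t need = (size_t)snprintf(NULL, 0, "&#%03d;", v) + 1;  /* + NUL */
        if (cap - used < need) {
            cap = (used + need) * 2;
            char *tmp = realloc(buf, cap);
            if (!tmp) { free(buf); return NULL; }
            buf = tmp;
        }
        used += (size_t)snprintf(buf + used, cap - used, "&#%03d;", v);
    }
    return buf;
}
```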
Received on Mon Oct 30 2000 - 14:33:40 MST
