Steven M. Bellovin writes:
> That's not new, either. I believe it was Tony Hoare who likened this
> to sailors doing shore drills with life preservers, but leaving them
> home when they went to sea. I think he said that in the 1970s; he said
> this in his Turing Award lecture:
>
>     The first principle was security... A consequence of this
>     principle is that every occurrence of every subscript of
>     every subscripted variable was on every occasion checked
>     at run time... I note with fear and horror that even in
>     1980, language designers and users have not learned this
>     lesson.

This is true, however, I've seen Dan Bernstein (and you don't get much
more careful or paranoid about security than Dan) write code like this:

    static char line[999];

    len = 0;
    len += fmt_ulong(line + len,rp);
    len += fmt_str(line + len," , ");
    len += fmt_ulong(line + len,lp);
    len += fmt_str(line + len,"\r\n");

Of course, the number of characters that fmt_ulong will insert is
limited by the number of bits in an unsigned long, and both strings are
of constant length.

-- 
--My blog is at blog.russnelson.com | The laws of physics cannot
Crynwr sells support for free software | PGPok | be legislated. Neither can
521 Pleasant Valley Rd. | +1 315-323-1241 cell | the laws of countries.
Potsdam, NY 13676-3213 | +1 212-202-2318 VOIP |
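
The bounding argument in the message above, written out as an added example (not part of the original post and not Bernstein's code). The fmt_ulong and fmt_str below are stand-ins assumed to write without a terminating NUL and return the count written; the macro names and format_line are made up here. The worst-case length is derived from the width of unsigned long and checked against the buffer at compile time.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for this example only. Assumed behaviour: write the text with
   no terminating NUL and return the number of characters written. */
static unsigned int fmt_ulong(char *s, unsigned long u)
{
    unsigned int len = 1;
    unsigned long q = u;
    while (q > 9) { ++len; q /= 10; }          /* count decimal digits */
    s += len;
    do { *--s = (char)('0' + u % 10); u /= 10; } while (u);
    return len;
}

static unsigned int fmt_str(char *s, const char *t)
{
    unsigned int len = 0;
    while (t[len]) { s[len] = t[len]; ++len; }
    return len;
}

/* Each bit contributes log10(2) < 0.302 decimal digits, so this is an
   upper bound on the digits of any unsigned long on this platform. */
#define ULONG_MAX_DIGITS (sizeof(unsigned long) * CHAR_BIT * 302 / 1000 + 1)
#define SEP " , "
#define EOL "\r\n"
/* Two numbers plus the two constant strings. */
#define LINE_WORST (2 * ULONG_MAX_DIGITS + (sizeof SEP - 1) + (sizeof EOL - 1))

static char line[999];
/* The informal argument as a compile-time check (C11). */
_Static_assert(LINE_WORST <= sizeof line, "line[] too small for worst case");

/* Same sequence of calls as in the message; returns the length written. */
static unsigned int format_line(unsigned long rp, unsigned long lp)
{
    unsigned int len = 0;
    len += fmt_ulong(line + len, rp);
    len += fmt_str(line + len, SEP);
    len += fmt_ulong(line + len, lp);
    len += fmt_str(line + len, EOL);
    return len;
}

int main(void)
{
    unsigned int n = format_line(ULONG_MAX, ULONG_MAX);
    printf("worst case %u, bound %u, buffer %u\n", n,
           (unsigned)LINE_WORST, (unsigned)sizeof line);
    return 0;
}
```

If someone later shrinks line[] or adds a variable-length field, the build fails or the bound has to be revisited, which is the step the unchecked original leaves to the reader.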