Re: Safe C++ char array functions (Was Is there a good mailing list or forum for mainframe C/C++ specifically?)
Strlcpy is certainly an equal opportunity solution -- it's not available on EITHER of the platforms I am working with.

My impression is that strcpy_s does *not* copy anything if the target buffer is too short.

Hey, anybody want my implementations of a safe strcpy and sprintf? Here you go:

    #include <assert.h>
    #include <stdarg.h>
    #include <stdio.h>
    #include <string.h>

    // sprintf_ss is a local one-for-one replacement for Microsoft sprintf_s
    // replace all references to sprintf_ss when/if IBM implements on z/OS
    int sprintf_ss(char *string, size_t sizeInBytes, const char *format, ...)
    {
        va_list args;
        assert(format != NULL);
        //assert(string != NULL);   // not necessary; hardware will detect
        va_start(args, format);
        int ret = vsprintf(string, format, args);   // unbounded write
        va_end(args);
        assert(strlen(string) < sizeInBytes);   // note that the damage is already done!
        return ret;
    }

    // strcpy_ss is a local one-for-one replacement for Microsoft strcpy_s
    // replace all references to strcpy_ss when/if IBM implements on z/OS
    // note not quite one-to-one as uses assert() rather than error returns
    // errno_t comes from the Microsoft headers; elsewhere it needs a typedef (int)
    errno_t strcpy_ss(char *strDestination, size_t numberOfElements, const char *strSource)
    {
        assert(strSource != NULL);   // checked before strlen() dereferences it
        assert(strlen(strSource) < numberOfElements);
        //assert(strDestination != NULL);   // not necessary; hardware will catch
        strcpy(strDestination, strSource);
        return 0;
    }

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Gainsford, Allen
Sent: Sunday, December 06, 2009 11:56 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Safe C++ char array functions (Was Is there a good mailing list or forum for mainframe C/C++ specifically?)

> Correct on strcpy_s versus strncpy. Strncpy has the possibility of making a new bad situation while preventing another. You can easily end up with a string that is guaranteed to run wild if you strcpy it.

I personally have always preferred strlcpy to strncpy or strcpy_s, since strlcpy is basically an always-safe copy function that doesn't have the defects of strcpy_s (does nothing if the dest is too small, instead of copying as much as it safely can) or strncpy (doesn't always null-terminate the result; and always touches every byte of the dest area, which can be a massive time-waster for large dest buffers).

The only problem with strlcpy is that it's not supported on many platforms, any more than strcpy_s is...

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Safe C++ char array functions (Was Is there a good mailing list or forum for mainframe C/C++ specifically?)
Charles Mills wrote:
> Strlcpy is certainly an equal opportunity solution -- it's not available on EITHER of the platforms I am working with.

strlcpy() (and the other BSD string functions) are available in the Dignus runtime for z/OS.

- Dave Rivers -

--
riv...@dignus.com    Work: (919) 676-0847
Get your mainframe programming tools at http://www.dignus.com
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
-----Original Message-----
From: IBM Mainframe Discussion List [On Behalf Of Paul Gilmartin

> On Fri, 4 Dec 2009 13:44:12 -0600, Rich Smrcina wrote:
>
> D'oh. I stand corrected.
>
> Ted MacNEIL wrote:
>
> ITYM low. Signal is the good part
>
> It's kinda like how people say steep learning curve (understanding increases rapidly) when they mean shallow learning curve (understanding increases slowly). (Or maybe they have the ordinate and the abscissa conceptually swapped: time on the Y-axis?)

It's been many decades, but I vaguely recall from high school physics that we were taught to place time on the y-axis when graphing time-distance type functions.

-jc-
Re: Safe C++ char array functions (Was Is there a good mailing list or forum for mainframe C/C++ specifically?)
> Correct on strcpy_s versus strncpy. Strncpy has the possibility of making a new bad situation while preventing another. You can easily end up with a string that is guaranteed to run wild if you strcpy it.

I personally have always preferred strlcpy to strncpy or strcpy_s, since strlcpy is basically an always-safe copy function that doesn't have the defects of strcpy_s (does nothing if the dest is too small, instead of copying as much as it safely can) or strncpy (doesn't always null-terminate the result; and always touches every byte of the dest area, which can be a massive time-waster for large dest buffers).

The only problem with strlcpy is that it's not supported on many platforms, any more than strcpy_s is...
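The three copy contracts compared in the message above, side by side on the same over-long input. This is an added example, not code posted by anyone in the thread; copy_or_refuse and copy_truncate are hypothetical names for the strcpy_s-style and strlcpy-style behaviours as the thread describes them, and the input strings are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* strncpy contract: report whether the result is a terminated string.
   The buffer is pre-filled with 'X' as a stand-in for stale contents. */
int strncpy_is_terminated(char *dst, size_t dstsz, const char *src)
{
    memset(dst, 'X', dstsz);
    strncpy(dst, src, dstsz);   /* pads short input, never terminates long input */
    return memchr(dst, '\0', dstsz) != NULL;
}

/* Copy-or-refuse (hypothetical name): nothing is written unless the source
   and its '\0' fit. The caller must check the return code. */
int copy_or_refuse(char *dst, size_t dstsz, const char *src)
{
    size_t need;

    if (dst == NULL || src == NULL) return EINVAL;
    if (dstsz == 0) return ERANGE;
    need = strlen(src) + 1;              /* +1 for the terminator */
    if (need > dstsz) return ERANGE;     /* destination left untouched */
    memcpy(dst, src, need);
    return 0;
}

/* Truncate-and-terminate (hypothetical name): copies what fits, always
   terminates, and returns strlen(src) so that a result >= dstsz tells
   the caller the copy was truncated. */
size_t copy_truncate(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);

    if (dstsz != 0) {
        size_t n = (len < dstsz - 1) ? len : dstsz - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

int main(void)
{
    char buf[8];
    const char *too_long = "0123456789";   /* constructed input, 10 chars */
    size_t n;
    int rc;

    printf("strncpy result terminated: %d\n",
           strncpy_is_terminated(buf, sizeof buf, too_long));

    memset(buf, 'X', sizeof buf);
    rc = copy_or_refuse(buf, sizeof buf, too_long);
    printf("copy_or_refuse refused: %d, first byte still '%c'\n",
           rc == ERANGE, buf[0]);

    n = copy_truncate(buf, sizeof buf, too_long);
    printf("copy_truncate kept \"%s\", truncated: %d\n",
           buf, n >= sizeof buf);
    return 0;
}
```

Each contract moves the failure somewhere different: strncpy leaves it in the buffer for the next reader, copy-or-refuse puts it in a return code, and truncate-and-terminate puts it in the data, which matters when the truncated value is a path or a name that is later compared.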
Climbing the hill - another attempt (was Re: Is there a good mailing list or forum for mainframe C/C++ specifically?)
Paul Gilmartin wrote:
> It's kinda like how people say steep learning curve (understanding increases rapidly) when they mean shallow learning curve (understanding increases slowly). (Or maybe they have the ordinate and the abscissa conceptually swapped: time on the Y-axis?)

I disagree ! The 'steepness' of the curve doesn't depend on the time it takes to perform the task, but rather on the amount of work involved. A curve is steep if the amount of work required to achieve the task requires more work than a 'shallow' climb.

Let's take a computer analogy then: Learning how to display a count from 1 to 10.. I can do this in assembler or in basic.

In Basic, the curve is shallow, because the amount of information I have to assimilate to do this is trivial..

    10 FOR I = 1 TO 10
    20 PRINT I
    30 NEXT
    RUN
    ...

In Assembler, the learning curve is steep because, to achieve the same result, I have to learn about :
- The architecture
- Registers
- OS Standard linkage
- OS conventions
- Etc..

(ex : Old CMS 1-10 count in asm)

    MYPROG   CSECT
    *
             STM   14,12,12(13)
             BALR  12,0
             USING *,12
             ST    13,SAVEA+4
             LA    13,SAVEA
             LA    3,1
    LOOP     DS    0H
             LINEDIT TEXT='...',SUB=(DEC,(3))
             LA    3,1(3)
             C     3,=A(10)
             BNH   LOOP
             L     13,4(13)
             LM    14,12,12(13)
             XR    15,15
             BR    14
             DS    0D
    SAVEA    DS    18F
             LTORG
             END

***

In the end, of course, although the learning curve was steep (it took me a lot of work to achieve my goal), the overall height achieved was higher !

--Ivan
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
Since Charles pointed out in his second post that he was new to C++, I'm going to jump to the conclusion that he intends to use C++ rather than C. In that case, the recommended approach for working with strings is to use a container class like std::string instead of the C str*() and strn*() functions.

Here are a couple of references:
- http://www.parashift.com/c++-faq-lite/exceptions.html#faq-17.5
- https://www.securecoding.cert.org/confluence/display/cplusplus/07.+Characters+and+Strings+%28STR%29

Sam Siegel wrote:
> On Thu, Dec 3, 2009 at 10:56 PM, Paul Gilmartin paulgboul...@aim.com wrote:
>
> On Thu, 3 Dec 2009 11:07:38 -0600, McKown, John wrote:
>
> OPINION TIME! The safe versions are not safer than using some of the others which include the length of the destination buffer. Such as strncpy, strncmp, and so on. The strn... functions are multiplatform and standard. The str..._s functions, from what I have read on the Web, are a Microsoft invention. They are not ISO or ANSI standard functions, but are being considered. And, according to one person, were invented by MS strictly as a way to make it more difficult to port code using them to other systems.
>
> I suppose M$ could argue that there's some advantage (but what?) in leaving the target buffer unmodified in the failure case.
>
> -- gil
>
> The _s versions of strcpy, etc. provide additional functionality not found in the strn* functions. There are return codes which indicate runtime error conditions which allow the program to take corrective action on the fly. They also guarantee that the receiving buffer is always null terminated, eliminating potential 0c4 abends and other unexpected results.
>
> These actions/functionality do require additional design and coding effort to ensure that the desired and actual results are what the program wants/expects.
>
> Yes these functions were initiated by MS. But take a close look at what they provide before they are discounted.
>
> Sam
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
Gosh, there is no question that can't be hijacked into something else.

Thank you to all the people who suggested I use the C++ classes. Yes, yes, I am well aware of the string class. It does not do everything. There are times when char[] makes more sense and/or must be used. When doing so, it pays to be as safe as possible. Yes, it is possible to be safe without using safe functions, but the same could be said of any helpful tool in software: you don't really need it -- you can accomplish the same thing other ways.

Thank you to all the people who used this thread to remind us that Microsoft is the evil empire. I might suggest that all IBM would have to do to defeat MS's nefarious plot to take over the world would be to implement about half a dozen small library functions that MS has proposed as additions to the C++ standard.

Thank you also to the one person who gave a helpful answer to the question I actually asked and suggested a possibly relevant mailing list.

Charles
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
All threads here get hijacked eventually. Some sooner than others.

From responses that __I__ have received from IBM in the past, they tend not to implement in flux stuff. And, they basically say give us a business case to implement ... and we will prioritize it with other requests. What they mean by business case is how this will make us money (reasonable).

The safe functions are not a standard. They are in a TR status. I don't really know what that means. I am sure that once they become an ANSI/ISO standard, IBM will implement them (eventually).

I had not realized that the safe functions have one major plus over the n functions. They guarantee that the \0 can be copied too. And that the source will fit in the dest area before doing anything at all.

--
John McKown
Systems Engineer IV
IT Administrative Services Group
HealthMarkets(r)
9151 Boulevard 26 * N. Richland Hills * TX 76010
(817) 255-3225 phone * (817)-961-6183 cell
john.mck...@healthmarkets.com * www.HealthMarkets.com

Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Charles Mills
Sent: Friday, December 04, 2009 11:01 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

Gosh, there is no question that can't be hijacked into something else.

Thank you to all the people who suggested I use the C++ classes. Yes, yes, I am well aware of the string class. It does not do everything. There are times when char[] makes more sense and/or must be used. When doing so, it pays to be as safe as possible. Yes, it is possible to be safe without using safe functions, but the same could be said of any helpful tool in software: you don't really need it -- you can accomplish the same thing other ways.

Thank you to all the people who used this thread to remind us that Microsoft is the evil empire. I might suggest that all IBM would have to do to defeat MS's nefarious plot to take over the world would be to implement about half a dozen small library functions that MS has proposed as additions to the C++ standard.

Thank you also to the one person who gave a helpful answer to the question I actually asked and suggested a possibly relevant mailing list.

Charles
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
Yup... welcome to IBM-Main. The signal to noise ratio is quite high.

Charles Mills wrote:
> Gosh, there is no question that can't be hijacked into something else.

--
Rich Smrcina
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
Yeah, our motto seems to be Why have an opinion if you can't inflict it on the rest of the world! .lol

We're all guilty

Jon L. Veilleux
veilleu...@aetna.com
(860) 636-2683

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Rich Smrcina
Sent: Friday, December 04, 2009 1:24 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

Yup... welcome to IBM-Main. The signal to noise ratio is quite high.

Charles Mills wrote:
> Gosh, there is no question that can't be hijacked into something else.

--
Rich Smrcina

This e-mail may contain confidential or privileged information. If you think you have received this e-mail in error, please advise the sender by reply e-mail and then delete this e-mail immediately. Thank you. Aetna
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
ITYM low. Signal is the good part

--Original Message--
From: Rich Smrcina
Sender: IBM Mainframe Discussion List
To: IBM Mainframe Discussion List
ReplyTo: IBM Mainframe Discussion List
Sent: Dec 4, 2009 13:23
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

Yup... welcome to IBM-Main. The signal to noise ratio is quite high.

Charles Mills wrote:
> Gosh, there is no question that can't be hijacked into something else.

--
Rich Smrcina

-
Too busy driving to stop for gas!
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
D'oh. I stand corrected.

Ted MacNEIL wrote:
> ITYM low. Signal is the good part

--
Rich Smrcina
Safe C++ char array functions (Was Is there a good mailing list or forum for mainframe C/C++ specifically?)
Correct on strcpy_s versus strncpy. Strncpy has the possibility of making a new bad situation while preventing another. You can easily end up with a string that is guaranteed to run wild if you strcpy it.

I *think* what I am going to do (with regard to the specifics of strcpy[_s]) is use either a function or a #define to build my own function that will assert that the source string strlen is shorter than the target buffer. If strlen seems to be a performance problem when the code moves into production I could turn it off. One alternative would be strncpy plus a just to be sure move of a zero into the last position of the output buffer.

sprintf_s is a little more problematic because without doing a full simulation you don't know how long the result will be. OTOH, the results are more predictable assuming you are not using %s and some string from the outside world. So I think I will just #define sprintf_s so it uses sprintf without checking.

(Why use sprintf_s at all then? Because I am doing my initial coding, syntax checking, and unit testing on (shudder!) MS Visual Studio, where the _s functions are available. (Why? Sorry, but it's a much more user-friendly and productive development environment than the big iron.) I think there's a benefit to using them in some testing even if they will not be available in all situations.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of McKown, John
Sent: Friday, December 04, 2009 9:55 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

All threads here get hijacked eventually. Some sooner than others.

From responses that __I__ have received from IBM in the past, they tend not to implement in flux stuff. And, they basically say give us a business case to implement ... and we will prioritize it with other requests. What they mean by business case is how this will make us money (reasonable).

The safe functions are not a standard. They are in a TR status. I don't really know what that means. I am sure that once they become an ANSI/ISO standard, IBM will implement them (eventually).

I had not realized that the safe functions have one major plus over the n functions. They guarantee that the \0 can be copied too. And that the source will fit in the dest area before doing anything at all.
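On the sprintf_s problem raised in the message above and in the posted sprintf_ss, where the length check runs only after the write: a bounded formatter that checks before any byte lands outside the buffer. This is an added example, not code from the thread; it assumes the target runtime provides C99 vsnprintf (the thread does not say whether it does), and format_checked, format_length and the record layout are hypothetical.

```c
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Format into dst without ever writing past dst[dstsz - 1].
   Returns 0 on success, ERANGE if the output did not fit (dst is then
   reset to an empty string), EINVAL on bad arguments or a format error. */
int format_checked(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || fmt == NULL || dstsz == 0) return EINVAL;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);   /* bounded: writes at most dstsz bytes */
    va_end(ap);
    if (n < 0) { dst[0] = '\0'; return EINVAL; }
    if ((size_t)n >= dstsz) { dst[0] = '\0'; return ERANGE; }
    return 0;
}

/* Ask the library how long the result would be, without writing anything.
   Returns the length excluding the terminator, or a negative value. */
int format_length(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n;
}

/* Constructed scenario: an 8-byte field followed directly by other data,
   formatted from a %s string that comes from outside the program. */
struct record {
    char name[8];
    char next[4];
};

/* Returns 1 when the over-long value is rejected and the neighbouring
   field is still intact. */
int overflow_prevented(const char *outside)
{
    struct record r;
    int rc;

    memcpy(r.next, "NEXT", sizeof r.next);
    rc = format_checked(r.name, sizeof r.name, "id=%s", outside);
    return rc == ERANGE
        && r.name[0] == '\0'
        && memcmp(r.next, "NEXT", sizeof r.next) == 0;
}

int main(void)
{
    char out[8];

    printf("fits: rc=%d out=\"%s\"\n",
           format_checked(out, sizeof out, "n=%d", 42), out);
    printf("needed for id=abc: %d bytes plus terminator\n",
           format_length("id=%s", "abc"));
    printf("over-long %%s rejected, neighbour intact: %d\n",
           overflow_prevented("a-much-longer-value"));
    return 0;
}
```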
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
On Fri, 4 Dec 2009 13:44:12 -0600, Rich Smrcina wrote:
> D'oh. I stand corrected.
>
> Ted MacNEIL wrote:
>
> ITYM low. Signal is the good part

It's kinda like how people say steep learning curve (understanding increases rapidly) when they mean shallow learning curve (understanding increases slowly). (Or maybe they have the ordinate and the abscissa conceptually swapped: time on the Y-axis?)

-- gil
Is there a good mailing list or forum for mainframe C/C++ specifically?
I found http://ibmmainframeforum.com/ but the last C question was in June and it hasn't been answered yet. :-(

I found http://www.ibmmainframes.com/ but they group C questions into "Other mainframe topics" which is not very promising.

Does anyone have any experience with the IBM "C++ Café" http://www-949.ibm.com/software/rational/cafe/community/ccpp?view=discussions ? It's not mainframe-specific but a lot of the questions seem to be mainframe-oriented.

Charles
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
What is your c/c++ question.

On Thu, Dec 3, 2009 at 2:53 PM, Charles Mills charl...@mcn.org wrote:
> I found http://ibmmainframeforum.com/ but the last C question was in June and it hasn't been answered yet. :-(
>
> I found http://www.ibmmainframes.com/ but they group C questions into "Other mainframe topics" which is not very promising.
>
> Does anyone have any experience with the IBM "C++ Café" http://www-949.ibm.com/software/rational/cafe/community/ccpp?view=discussions ? It's not mainframe-specific but a lot of the questions seem to be mainframe-oriented.
>
> Charles
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
I'm new to C++ so there are going to be a LOT of them. <g>

The question of the moment is is there no 'safe' string copy library routine such as strcpy_s? I don't see it in the doc.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Sam Siegel
Sent: Thursday, December 03, 2009 7:03 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

What is your c/c++ question.
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Charles Mills
Sent: Thursday, December 03, 2009 9:08 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

> I'm new to C++ so there are going to be a LOT of them. <g>
>
> The question of the moment is is there no 'safe' string copy library routine such as strcpy_s? I don't see it in the doc.
>
> Charles

Out of curiosity, I looked at the MSDN article for strcpy_s. Basically, it copies the bytes from one area to another, but only if the entire source will fit in the destination area (the size of which is passed in the strcpy_s parm list). If there is any problem, then the destination is not modified at all. I don't see any such in z/OS C, but you could roll your own. I'd likely use memcpy(). Something like:

    #define _X_OPEN
    #include <string.h>
    #include <errno.h>

    int strcpy_s(char *dest, size_t elements, const char *source)
    {
        size_t src_len;
        if (dest == NULL) return EINVAL;
        if (source == NULL) return EINVAL;
        if (elements == 0) return ERANGE;
        src_len = strlen(source) + 1;   /* add 1 to include \0 terminator */
        if (src_len > elements) return ERANGE;   /* source does not fit */
        memcpy(dest, source, src_len);
        return 0;
    }

--
John McKown
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
Thanks. Right. I was thinking of several such possibilities. There are also safe versions of many of the char[] functions including sprintf, so several of these would have to be written. sprintf would be a little trickier than the below.

I was just surprised that IBM did not provide safe versions given that (in my informal survey of malware issues) the number one cause of security problems in software is buffer overrun.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of McKown, John
Sent: Thursday, December 03, 2009 7:54 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Charles Mills
> Sent: Thursday, December 03, 2009 9:08 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
>
> I'm new to C++ so there are going to be a LOT of them. <g>
>
> The question of the moment is is there no 'safe' string copy library routine such as strcpy_s? I don't see it in the doc.
>
> Charles

Out of curiosity, I looked at the MSDN article for strcpy_s. Basically, it copies the bytes from one area to another, but only if the entire source will fit in the destination area (the size of which is passed in the strcpy_s parm list). If there is any problem, then the destination is not modified at all. I don't see any such in z/OS C, but you could roll your own. I'd likely use memcpy(). Something like:

    #define _X_OPEN
    #include <string.h>
    #include <errno.h>

    int strcpy_s(char *dest, size_t elements, const char *source)
    {
        size_t src_len;
        if (dest == NULL) return EINVAL;
        if (source == NULL) return EINVAL;
        if (elements == 0) return ERANGE;
        src_len = strlen(source) + 1;   /* add 1 to include \0 terminator */
        if (src_len > elements) return ERANGE;   /* source does not fit */
        memcpy(dest, source, src_len);
        return 0;
    }

--
John McKown
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
strcpy_s is part of proposed standardization: ISO/IEC TR 24731. It is already implemented by Microsoft. IBM has not yet included it in its libraries.

Sam

On Thu, Dec 3, 2009 at 3:08 PM, Charles Mills charl...@mcn.org wrote:
> I'm new to C++ so there are going to be a LOT of them. <g>
>
> The question of the moment is is there no 'safe' string copy library routine such as strcpy_s? I don't see it in the doc.
>
> Charles
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Sam Siegel
> Sent: Thursday, December 03, 2009 7:03 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
>
> What is your c/c++ question.
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
OPINION TIME! The safe versions are not safer than using some of the others which include the length of the destination buffer. Such as strncpy, strncmp, and so on. The strn... functions are multiplatform and standard. The str..._s functions, from what I have read on the Web, are a Microsoft invention. They are not ISO or ANSI standard functions, but are being considered. And, according to one person, were invented by MS strictly as a way to make it more difficult to port code using them to other systems.

--
John McKown

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Charles Mills
Sent: Thursday, December 03, 2009 10:42 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?

Thanks. Right. I was thinking of several such possibilities. There are also safe versions of many of the char[] functions including sprintf, so several of these would have to be written. sprintf would be a little trickier than the below.

I was just surprised that IBM did not provide safe versions given that (in my informal survey of malware issues) the number one cause of security problems in software is buffer overrun.

Charles
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
I would like to second that. With some of the new MS compilers, you have to define a symbol _CRT_SECURE_NO_DEPRECATE; if not, you get warning messages on every call of strcpy, sprintf and so on.

While I agree that the NULL terminated strings and the C string library are a bad idea from the start (coming from PDP-x and Unix, AFAIK), we have to live with it, because it's standard and portable. And, if handled carefully, you can write safe programs, even if you use these unsafe functions.

For example, all my programs use a standard function handling argc/argv positional parameters, giving the possibility for keyword parameters with defaults, maximum lengths, type checks and so on, and all buffer overruns etc. due to wrong parameters are impossible, if you use this function.

Kind regards

Bernd

McKown, John wrote:
> OPINION TIME! The safe versions are not safer than using some of the others which include the length of the destination buffer. Such as strncpy, strncmp, and so on. The strn... functions are multiplatform and standard. The str..._s functions, from what I have read on the Web, are a Microsoft invention. They are not ISO or ANSI standard functions, but are being considered. And, according to one person, were invented by MS strictly as a way to make it more difficult to port code using them to other systems.
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
Not to mention that most would not consider M$ as the leading authorities on how to write safe C/C++ code :-)

On Thu, Dec 3, 2009 at 11:07 AM, McKown, John john.mck...@healthmarkets.com wrote:
> OPINION TIME! The safe versions are not safer than using some of the others which include the length of the destination buffer. Such as strncpy, strncmp, and so on. The strn... functions are multiplatform and standard. The str..._s functions, from what I have read on the Web, are a Microsoft invention. They are not ISO or ANSI standard functions, but are being considered. And, according to one person, were invented by MS strictly as a way to make it more difficult to port code using them to other systems.
>
> -Original Message-
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Charles Mills
> Sent: Thursday, December 03, 2009 10:42 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
>
> Thanks. Right. I was thinking of several such possibilities. There are also safe versions of many of the char[] functions including sprintf, so several of these would have to be written. sprintf would be a little trickier than the below.
>
> I was just surprised that IBM did not provide safe versions given that (in my informal survey of malware issues) the number one cause of security problems in software is buffer overrun.
>
> Charles
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
On Thu, 3 Dec 2009 11:07:38 -0600, McKown, John wrote:
> OPINION TIME! The safe versions are not safer than using some of the others which include the length of the destination buffer. Such as strncpy, strncmp, and so on. The strn... functions are multiplatform and standard. The str..._s functions, from what I have read on the Web, are a Microsoft invention. They are not ISO or ANSI standard functions, but are being considered. And, according to one person, were invented by MS strictly as a way to make it more difficult to port code using them to other systems.

I suppose M$ could argue that there's some advantage (but what?) in leaving the target buffer unmodified in the failure case.

-- gil
Re: Is there a good mailing list or forum for mainframe C/C++ specifically?
On Thu, Dec 3, 2009 at 10:56 PM, Paul Gilmartin paulgboul...@aim.com wrote:
> On Thu, 3 Dec 2009 11:07:38 -0600, McKown, John wrote:
> > OPINION TIME! The safe versions are not safer than using some of the others which include the length of the destination buffer. Such as strncpy, strncmp, and so on. The strn... functions are multiplatform and standard. The str..._s functions, from what I have read on the Web, are a Microsoft invention. They are not ISO or ANSI standard functions, but are being considered. And, according to one person, were invented by MS strictly as a way to make it more difficult to port code using them to other systems.
>
> I suppose M$ could argue that there's some advantage (but what?) in leaving the target buffer unmodified in the failure case.
>
> -- gil

The _s versions of strcpy, etc. provide additional functionality not found in the strn* functions. There are return codes which indicate runtime error conditions which allow the program to take corrective action on the fly. They also guarantee that the receiving buffer is always null terminated, eliminating potential 0c4 abends and other unexpected results. These actions/functionality do require additional design and coding effort to ensure that the desired and actual results are what the program wants/expects.

Yes, these functions were initiated by MS. But take a close look at what they provide before they are discounted.

Sam
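The two properties argued over in this thread (an error return the caller can act on, and a destination that is always terminated), set beside what strncpy leaves behind, as an added C example that is not code from any of the posters. `copy_checked` and `strncpy_result_terminated` are hypothetical helpers, not strcpy_s, strlcpy or any platform API; the errno values returned and the choice to leave an empty string on failure are assumptions of this example, and the inputs are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 8  /* constructed destination size for the demo */

/* Hypothetical helper, not a platform API: bounded copy that reports
 * failure through its return value and always leaves dst terminated. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;
    if (dst == NULL || dstsz == 0)
        return EINVAL;              /* nothing can safely be written */
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    while (n < dstsz && src[n] != '\0')  /* scan at most dstsz bytes of src */
        n++;
    if (n == dstsz) {               /* src plus terminator does not fit */
        dst[0] = '\0';              /* assumption: fail with an empty string */
        return ERANGE;
    }
    memcpy(dst, src, n + 1);        /* n characters plus the terminator */
    return 0;
}

/* Returns 1 if strncpy left a terminator inside a FIELD_SIZE-byte field. */
int strncpy_result_terminated(const char *src)
{
    char field[FIELD_SIZE];

    memset(field, 'X', sizeof field);       /* simulate stale contents */
    strncpy(field, src, sizeof field);
    return memchr(field, '\0', sizeof field) != NULL;
}

int main(void)
{
    const char *names[] = { "SYSIN", "SYS1.PARMLIB" };  /* constructed input */
    char field[FIELD_SIZE];
    for (size_t i = 0; i < 2; i++) {
        int rc = copy_checked(field, sizeof field, names[i]);
        printf("%-12s copy_checked rc=%d result=\"%s\" strncpy terminated=%d\n",
               names[i], rc, field, strncpy_result_terminated(names[i]));
    }
    return 0;
}
```

A caller that ignores the return code still ends up with a terminated (empty) string, whereas the strncpy result for the long name has no terminator anywhere in the field.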