There's a third one that nobody has caught, because you don't know if pszSrc
is null-terminated, so your program can crash due to a protected memory
error.
The copy operation should be:
strncpy(szDest,pszSrc, min(MAX, pszSrc_size)-1);
assuming the size of pszSrc is pszSrc_size.
Few people seem t
I'm excited that Microsoft is reaching out and providing this learning aid.
Most people I interview don't know how to spot some pretty simply vulnerable
code constructs. I'll even have my newbies subscribe to this RSS for a
spell, in hopes that their attack toolkit may be augmented.
But, some advi
der Mouse wrote:
>>http://msdn.microsoft.com/security/
> Heh. They want us to do their code review for them?
Did you look at it? The current one is a 4-line toy bug. It's a
contrived example, and theposter obviously already knows there is a bug.
You think they are going to work their way up to
> If you fancy yourself as a good code reviewer you can play spot the
> bug at MSDN. They will be getting harder !
> http://msdn.microsoft.com/security/
Heh. They want us to do their code review for them?
For free?!?
I Don't Think So. :-]
(Yes, I do realize that these are supposedly cases wh
Hi all,
FYI, a couple of interesting things going on in the software security space
that those here on SC-L might appreciate:
- Good article/interview in yesterday's Wall Street Journal on the topic of
Software Security. The interview is with Gary McGraw, and I'm sure that no
one here will be
At 9:55 AM -0400 7/19/05, Mark Curphey wrote:
>If you fancy yourself as a good code reviewer you can play spot the bug at
>MSDN. They will be getting harder !
>
>http://msdn.microsoft.com/security/
The overarching bug seems to be the assertion that there is only one bug,
since those offering comme
If you fancy yourself as a good code reviewer you can play spot the bug at
MSDN. They will be getting harder !
http://msdn.microsoft.com/security/