20/10/2007, 04:48   #8
Richard Heathfield
Re: Bug/Gross InEfficiency in HeathField's fgetline program

Tor Rustad said:

> I don't see the point with analyzing the broken code above.


Neither do I. In an argument about correctness, I should have taken the
time to compile the example code rather than trust my fingers to get it
right on auto-pilot. But, *had I done so*, it would have been a good
example!

> Not all kinds of buffer overruns can be detected by static analysis,


Indeed. This is kind of my point, really. If you could detect all errors
automatically, you wouldn't need bright programmers. But since you can't,
you do.

<snip>

> There isn't a single *best solution* in security engineering,


Agreed. Nevertheless, the best solution is to hire bright people. Bright
people should be able to work out how not to abuse strncpy, right?

> A common mistake among the "clever", is that they believe they are
> better than their own constraints. Not knowing your own limitation, is a
> major security risk IMO. I do by far, prefer humble smartness.


That's "clever" as in "dumb", right? Just checking.

The risk of not knowing your own limitations and weaknesses is precisely
the reason that clever people use coding conventions/standards/style
guides, and ask for code reviews by their peers. Indeed, it's why we
bother to do testing. I fail to see how this says anything about strncpy,
though.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999