Quote:
Originally posted by bigearsbilly
because it checks the size of the buffer before comparing.
This stops buffer over-runs which are a major source of
run-time crashes in C and best practice for program security.
If you read most Linux security issues they are to do with buffer
overruns from using things like strcat instead of strncat etc.
While this does sound logical, it's not really true in this case.
A buffer overrun occurs when the program writes past the end of the allocated buffer. But this is about strcmp(), which only reads 2 buffers. This is confirmed by the prototype of strcmp(): both string parameters are declared as "const char *". The "const" specification assures us the function will not write to the buffers.
Of course it is possible for strcmp() to read past the end of the buffer, which may cause the program to crash with a segmentation fault. So you may think this introduces at least a Denial of Service vulnerability in the program, which can be prevented by using strncmp() instead of strcmp().
But think again: this can only happen when the string in the buffer is not '\0'-terminated correctly. If this is the case, then this happened when the string buffer was written, i.e. read from user input, constructed with strcpy(), strcat(), gets() or similar.
So a bug causing strcmp() to segfault is not in calling strcmp(), but before that, when the buffer was written.
Nonetheless, using strncmp() instead of strcmp() cannot really harm. Only the performance may be slightly lower. And in corner cases it may hide a real bug in how a buffer is written, by not segfaulting when a segfault would reveal the real buffer bug somewhere else in the program where the buffer was written (as described above).
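
An added example, not part of the original post: it shows an unterminated buffer being created at the write site, a bounded strncmp() comparing it without complaint, and a write site that always terminates. All helper names and the sample input are assumptions made for this illustration; strncpy() stands in for the "or similar" write functions.

```c
#include <stdio.h>
#include <string.h>

/* All helper names below are hypothetical, chosen for this example. */

/* Returns 1 if buf[0..size) contains a '\0' terminator, 0 otherwise. */
int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* Buggy write site: strncpy() leaves dst unterminated when src does not fit. */
void store_buggy(char *dst, size_t size, const char *src) {
    strncpy(dst, src, size);
}

/* Fixed write site: always terminates; returns -1 if src had to be truncated. */
int store_checked(char *dst, size_t size, const char *src) {
    size_t len = strlen(src);
    if (size == 0) return -1;
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Bounded compare: never over-reads, but also never notices the missing '\0'. */
int bounded_equal(const char *buf, size_t size, const char *expected) {
    return strncmp(buf, expected, size) == 0;
}

/* Compare that reports an unterminated buffer (-1) instead of masking it. */
int checked_equal(const char *buf, size_t size, const char *expected) {
    if (!is_terminated(buf, size)) return -1;
    return strcmp(buf, expected) == 0;
}

int main(void) {
    char buf[8];
    const char *input = "password123";   /* constructed sample input */
    store_buggy(buf, sizeof buf, input);
    printf("terminated=%d bounded_equal=%d checked_equal=%d\n",
           is_terminated(buf, sizeof buf),
           bounded_equal(buf, sizeof buf, input),
           checked_equal(buf, sizeof buf, input));
    printf("store_checked=%d\n", store_checked(buf, sizeof buf, input));
    return 0;
}
```

With the buggy write, the bounded compare reports a match against the full input even though the buffer holds only its first 8 bytes and no terminator; the checked write site reports the truncation where it happens.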