Subject: Re: exploit with memcpy()
From: David Laight <firstname.lastname@example.org>
Date: 07/02/2002 19:29:48
> I think it is the responsibility of the caller to check the validity of
> the arguments. In my opinion, this falls into the category: should strcpy()
> check for NULL arguments?
Indeed - although a 0 pointer will (almost always) generate a core
OTOH maybe stopping the stack being executable would be a better
ploy for catching the effects of undersize onstack data buffers.
(at least then you can only jump to code that exists in the
program being executed.)
One trouble with making routines check for illegal operations
is that the calling program won't ever check the response and
program(mer)s will get sloppier and sloppier...
David Laight: email@example.com