In article <2024Mar2.090401@mips.complang.tuwien.ac.at>,   
   Anton Ertl wrote:   
   >Krishna Myneni writes:   
   >>#include <stdio.h>
   >>#include <stdlib.h>
   >>   
   >>void MaliciousCode() {   
   >> printf("This code is malicious!\n");   
   >> printf("It will not execute normally.\n");   
   >> exit(0);   
   >>}   
   >>   
   >>void GetInput() {   
   >> char buffer[8];   
   >> gets(buffer);   
   >> // puts(buffer);   
   >>}   
   >>   
   >>int main() {   
   >> GetInput();   
   >> return 0;   
   >>}   
   >>=== end code ===   
   >>   
   >>It will be a useful exercise to work up a similar example in Forth, as a   
   >>step to thinking about automatic hardening techniques (as opposed to   
   >>input sanitization).   
   >   
   >Forth does not have an inherently unbounded input word like C's   
   >gets(). And even typical C environments warn you when you compile   
   >this code; e.g., when I compile it on Debian 11, I get:   
   >   
   >|> gcc xxx.c   
   >|xxx.c: In function ‘GetInput’:   
   >|xxx.c:12:10: warning: implicit declaration of function ‘gets’; did   
   >you mean ‘fgets’? [-Wimplicit-function-declaration]   
   >| 12 | gets(buffer);   
   >| | ^~~~   
   >| | fgets   
   >|/usr/bin/ld: /tmp/ccC9Qbu7.o: in function `GetInput':   
   >|xxx.c:(.text+0x3b): warning: the `gets' function is dangerous and   
   >should not be used.   
   >   
   >So, they removed gets() from stdio.h, and added a warning to the   
   >linker. "man gets" tells me:   
   >   
   >|_Never use this function_   
   >|[...]   
   >|ISO C11 removes the specification of gets() from the C language, and   
   >|since version 2.16, glibc header files don't expose the function   
   >|declaration if the _ISOC11_SOURCE feature test macro is defined.   
      
   Ironically, in ciforth I implemented (ACCEPT). That has the   
   functionality of gets(). However it returns (addr length) and   
   identifies a part of the input buffer. So you can never   
   overwrite anything, because it doesn't write anything.   
      
      
      
   >- anton   
      
   Groetjes Albert   
   --   
   Don't praise the day before the evening. One swallow doesn't make spring.   
   You must not say "hey" before you have crossed the bridge. Don't sell the   
   hide of the bear until you shot it. Better one bird in the hand than ten in   
   the air. First gain is a cat purring. - the Wise from Antrim -   
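
Added example, not part of the original post and not ciforth's code: a C sketch of the interface shape described above, where the reader fills only a buffer it owns and returns (addr, length), so a caller's 8-byte buffer is written only through an explicitly bounded copy. All names (accept_line, copy_bounded, demo, INBUF_SIZE) are hypothetical and the input line is constructed.

```c
#include <stdio.h>
#include <string.h>

#define INBUF_SIZE 64            /* assumed size of the reader's own buffer */
struct slice { const char *addr; size_t len; };  /* hypothetical (addr length) pair */
static char inbuf[INBUF_SIZE];   /* the only memory the reader ever writes */

/* Read one line into inbuf and return a view of it, newline excluded. */
struct slice accept_line(FILE *fp)
{
    struct slice s = { inbuf, 0 };
    int c;
    if (fgets(inbuf, sizeof inbuf, fp) == NULL) return s;  /* EOF: empty slice */
    s.len = strcspn(inbuf, "\n");
    if (inbuf[s.len] != '\n')              /* over-long line: drop the tail */
        while ((c = getc(fp)) != EOF && c != '\n')
            ;
    return s;
}

/* Bounded copy for a caller that wants its own storage (dstsize >= 1). */
size_t copy_bounded(char *dst, size_t dstsize, struct slice s)
{
    size_t n = s.len < dstsize - 1 ? s.len : dstsize - 1;
    memcpy(dst, s.addr, n);
    dst[n] = '\0';
    return n;                              /* bytes actually kept */
}

/* Run a constructed input line through both steps with an 8-byte buffer. */
size_t demo(const char *line, char dst[8], size_t *seen)
{
    FILE *fp = tmpfile();
    struct slice s;
    if (fp == NULL) return (size_t)-1;
    fputs(line, fp);
    rewind(fp);
    s = accept_line(fp);
    fclose(fp);
    *seen = s.len;                         /* what the reader accepted */
    return copy_bounded(dst, 8, s);        /* what fits in the caller's buffer */
}

int main(void)
{
    char dst[8];
    size_t seen, kept = demo("AAAAAAAAAAAAAAAAAAAAAAAA\n", dst, &seen);
    printf("seen=%zu kept=%zu dst=\"%s\"\n", seen, kept, dst);
    return 0;
}
```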
      