Red Hat Security Blog: March 2014 archives

  • Enhance application security with FORTIFY_SOURCE

    The FORTIFY_SOURCE macro provides lightweight support for detecting buffer overflows in various functions that perform operations on memory and strings. Not all types of buffer overflows can be detected with this macro, but it does provide an extra level of validation for some functions that are potentially a source of buffer overflow flaws. It protects both C and C++ code. FORTIFY_SOURCE works by computing the number of bytes that are going to be copied from a source to the destination. In...
    Posted 2014-03-26T13:30:10+00:00 - 0
  • The trouble with snprintf

    At least historically, misuse of functions like strcpy, strcat, and sprintf was a common source of buffer overflow vulnerabilities. Therefore, in 1997, the Single UNIX Specification, Version 2, included a new interface for string construction that provided an explicit length of the output string: snprintf. This function can be used for string construction with explicit length checking. Originally, it could be used in the following way: /* buff is a pointer to a buffer of blen characters...
    Posted 2014-03-12T13:30:40+00:00 - 0