Comments concerning TR 24731
- From: jacob navia <jacob@xxxxxxxxxxxxxxxx>
- Date: Wed, 07 Jun 2006 09:49:06 +0200
TR 24731 is a proposal for making the C library more secure.
It is a welcome addition and it goes in the direction I have been
arguing for a long time.
It doesn't go to the root of the problem though, since
even if the programmer is supposed to pass the size of
the buffers to the secure functions, it would be far
better if the size were an integral part of the
buffer, like:
    typedef struct _d_buffer {
        size_t size;            /* current capacity of data */
        unsigned char *data;    /* heap block, can be reallocated */
    } DynamicBuffer;            /* This one is resizable */

    typedef struct _s_buffer {
        size_t size;            /* capacity, fixed at allocation */
        unsigned char data[];   /* flexible array member, allocated inline */
    } StaticBuffer;             /* This one is not resizable */
This would eliminate the errors of passing a wrong buffer size.
But anyway, it is much better than the current situation.
I am trying to implement this stuff, and there are portions of the
specification that are unclear, especially in a multi-threaded
environment:
We have the "set_constraint_handler" function, that sets the
(apparently global) constraint handler. Unspecified is what that
could mean in a multi-threaded (or multi-tasking) environment.
Shouldn't each thread have its own handler?
Other unclear points are the behavior when a stream is passed
to a library function and ferror is true or feof is true. As far
as I see this is not specified.
jacob
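The following is an added example, not code from the post or from TR 24731 itself. It takes the StaticBuffer shape from the post and pairs it with a strcpy_s-like copy routine so the capacity travels with the data rather than being passed by the caller, and it keeps the constraint handler per thread (with C11 _Thread_local) to show one answer to the threading question raised above. The names sbuf_new, sbuf_strcpy, sbuf_last_violation and set_thread_constraint_handler are assumptions made for this example; only errno_t and the handler signature mirror the TR.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#define TLS _Thread_local   /* C11: one handler per thread */
#else
#define TLS                 /* pre-C11 fallback: a single global handler */
#endif

/* Shape taken from the post: the capacity travels with the data. */
typedef struct _s_buffer {
    size_t size;             /* capacity of data[], fixed at allocation */
    unsigned char data[];    /* flexible array member (C99) */
} StaticBuffer;

typedef int errno_t;         /* TR 24731 return type for the _s functions */

/* Handler signature as in TR 24731. Storing it per thread is this example's
   choice (assumption), not something the TR specifies. */
typedef void (*constraint_handler_t)(const char *msg, void *ptr, errno_t err);

static TLS errno_t last_violation = 0;   /* assumed helper state for inspection */

/* Default handler: report and abort, like abort_handler_s in the TR. */
static void abort_handler(const char *msg, void *ptr, errno_t err) {
    (void)ptr;
    fprintf(stderr, "constraint violation: %s (error %d)\n", msg, err);
    abort();
}

/* Records the violation instead of aborting so a caller can inspect it. */
static void record_handler(const char *msg, void *ptr, errno_t err) {
    (void)msg; (void)ptr;
    last_violation = err;
}

static TLS constraint_handler_t current_handler = abort_handler;

/* Assumed per-thread analogue of set_constraint_handler_s; returns the old one. */
constraint_handler_t set_thread_constraint_handler(constraint_handler_t h) {
    constraint_handler_t old = current_handler;
    current_handler = (h != NULL) ? h : abort_handler;
    return old;
}

errno_t sbuf_last_violation(void) { return last_violation; }

/* Allocate a buffer whose capacity is stored inline, so no caller can later
   hand a wrong size to the copy routine. */
StaticBuffer *sbuf_new(size_t capacity) {
    StaticBuffer *b = malloc(sizeof *b + capacity);
    if (b != NULL) {
        b->size = capacity;
        memset(b->data, 0, capacity);
    }
    return b;
}

/* Copy a NUL-terminated string into dst. Mirrors strcpy_s semantics: on a
   runtime-constraint violation the handler runs, dst is made empty and a
   nonzero errno_t is returned; on success 0 is returned. */
errno_t sbuf_strcpy(StaticBuffer *dst, const char *src) {
    size_t len;
    if (dst == NULL || src == NULL) {
        current_handler("sbuf_strcpy: null argument", dst, EINVAL);
        return EINVAL;
    }
    len = strlen(src);
    if (len >= dst->size) {            /* no room for the terminating NUL */
        if (dst->size > 0)
            dst->data[0] = '\0';
        current_handler("sbuf_strcpy: source does not fit", dst, ERANGE);
        return ERANGE;
    }
    memcpy(dst->data, src, len + 1);
    return 0;
}

int main(void) {
    StaticBuffer *b = sbuf_new(8);
    if (b == NULL) return 1;
    set_thread_constraint_handler(record_handler);
    printf("short copy -> %d, data=\"%s\"\n",
           sbuf_strcpy(b, "hello"), (const char *)b->data);
    printf("long copy  -> %d, data=\"%s\"\n",
           sbuf_strcpy(b, "this string is too long"), (const char *)b->data);
    free(b);
    return 0;
}
```

With a per-thread handler, one thread can install a recording handler for a parsing job while another keeps the aborting default; with a single global handler, as the TR appears to specify, a set_constraint_handler call in one thread silently changes the failure behaviour of every other thread's _s calls.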
- Follow-Ups:
- Re: Comments concerning TR 24731
- From: jacob navia
- Re: Comments concerning TR 24731
- From: jacob navia
- Re: Comments concerning TR 24731
- From: Douglas A. Gwyn
- Re: Comments concerning TR 24731
- From: Wojtek Lerch
- Re: Comments concerning TR 24731