Reply to post: Re: ...memory constraints... ...70 full copies of 4 different OpenSSL versions...

Huawei savaged by Brit code review board over pisspoor dev practices

dajames Silver badge

Re: ...memory constraints... ...70 full copies of 4 different OpenSSL versions...

Funniest thing is, if they only wrote

#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) memcpy(dest, src, (destMax) < (count) ? (destMax) : (count))

Then they'd be at least immune to piss-poor stack overflow attacks, even if using plain libc.

Well, no ... Even if the codebase has been tested as it stands (which may be hopelessly optimistic) the values supplied for destMax in the calls have not been tested and may be meaningless. You still need at the very least to manually sanity-check the destMax value passed in every call, and then retest the whole codebase with the new macro.

... and that assumes that the code won't misbehave because you've truncated the result of a copy operation.
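The two objections in the reply above can be reproduced in a few lines. This is an added example, not part of the thread or of any reviewed codebase; `BUF_LEN`, `checked_memcpy`, the `arena` layout and the sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The macro exactly as quoted in the post above. */
#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) \
    memcpy(dest, src, (destMax) < (count) ? (destMax) : (count))

#define BUF_LEN 8 /* constructed: true capacity of the destination */

/* Hypothetical stricter copy: fails instead of truncating. It still trusts
   destMax, so every call site's destMax must be audited either way. */
static int checked_memcpy(void *dest, size_t destMax, const void *src, size_t count)
{
    if (dest == NULL || src == NULL || count > destMax)
        return -1;
    memcpy(dest, src, count);
    return 0;
}

/* Case 1: the caller's destMax is wrong. arena models an 8-byte buffer followed
   by 8 bytes of adjacent data; returns how many adjacent bytes were changed. */
static size_t wrong_destmax_overrun(void)
{
    unsigned char arena[2 * BUF_LEN];
    const unsigned char src[12] = "AAAAAAAAAAA"; /* 11 bytes + NUL */
    size_t i, clobbered = 0;
    memset(arena, 0xEE, sizeof arena);
    SAFE_LIBRARY_memcpy(arena, (size_t)16, src, sizeof src); /* claims 16, has 8 */
    for (i = BUF_LEN; i < sizeof arena; i++)
        clobbered += (arena[i] != 0xEE);
    return clobbered;
}

/* Case 2: destMax is right, but the clamp silently drops the NUL terminator. */
static int truncation_drops_terminator(void)
{
    char buf[BUF_LEN];
    const char src[] = "hostname-01"; /* 12 bytes with NUL */
    SAFE_LIBRARY_memcpy(buf, sizeof buf, src, sizeof src);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    char buf[BUF_LEN] = {0};
    printf("adjacent bytes clobbered: %zu\n", wrong_destmax_overrun());
    printf("terminator lost: %d\n", truncation_drops_terminator());
    printf("checked copy: %d\n", checked_memcpy(buf, sizeof buf, "hostname-01", 12));
    return 0;
}
```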


Biting the hand that feeds IT © 1998–2019