Banning Functions in C

I came across this post on Bruce Schneier’s weblog on security, actually this is what Steve quoted from the original article:

Microsoft plans to formally banish the popular programming function that’s been responsible for an untold number of security vulnerabilities over the years, not just in Windows but in countless other applications based on the C language. Effective later this year, Microsoft will add memcpy(), CopyMemory(), and RtlCopyMemory() to its list of function calls banned under its secure development lifecycle.

I had to sit on this for a while to really think about it. On the surface it makes sense to me, but the more I thought about it the less sense it made.

Speaking as a C programmer here (amongst the various languages I know), there are some functions you have to use carefully or you will quickly get into trouble; memcpy() is one, and there are others. But you usually only get into trouble if you don’t check your lengths and buffers to make sure you don’t exceed a buffer size when you use these functions.

What bothers me is that there are plenty of other ways to get into trouble, such as exceeding the end of an array, running off the end of a structure, or simply exceeding the length of a buffer when reading or writing data. Banning the use of certain dangerous functions will not fix that, and it may lure the developer into a false sense of security, which is worse because it encourages code that has not been fully thought out, which is exactly what we are trying to fix in the first place. C allows the developer a great deal of flexibility and speed, but these come at a price.

The way I approached this was to avoid the use of unbounded functions (like strcpy() and memcpy()) unless the bounds were checked and safe. I wrote ‘safe’ versions of the string copying functions such as strncpy() and strncat(); the versions I have check bounds and forcibly put a terminating NULL at the end of the string when needed. You can still ‘kill’ yourself, but the wrappers take care of 90% of the cases.

Finally I wrote ‘safe’ wrappers around all the functions I use to check all the input parameters for sanity. I have found that certain platforms are more lenient than others when bad parameters are passed: some will return an error and others will just crash.
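Added example, not the post’s own wrappers: bounded copy helpers of the kind described above, with the assumed names safe_strcpy(), safe_strcat() and safe_memcpy(). Each checks its parameters, truncates or refuses rather than overrunning the destination, and always leaves a terminator where one is needed.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity dstsize); always NUL-terminates when dstsize > 0.
 * Returns 1 if the whole string fitted, 0 if it was truncated or dst is unusable. */
int safe_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dstsize == 0)
        return 0;
    n = strlen(src);
    if (n >= dstsize) {          /* does not fit: copy what fits, then terminate */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);     /* n + 1 includes the terminating NUL */
    return 1;
}

/* Append src to the terminated string already in dst (capacity dstsize). */
int safe_strcat(char *dst, size_t dstsize, const char *src)
{
    const char *end;
    size_t used;
    if (dst == NULL || src == NULL || dstsize == 0)
        return 0;
    end = memchr(dst, '\0', dstsize);
    if (end == NULL)             /* dst not terminated within dstsize: refuse */
        return 0;
    used = (size_t)(end - dst);
    return safe_strcpy(dst + used, dstsize - used, src);
}

/* memcpy() that refuses instead of overrunning: copies only if n fits in dst. */
int safe_memcpy(void *dst, size_t dstsize, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dstsize)
        return 0;
    memcpy(dst, src, n);
    return 1;
}

int main(void)
{
    char buf[8];
    safe_strcpy(buf, sizeof buf, "0123456789");   /* too long: truncated */
    printf("safe_strcpy -> \"%s\"\n", buf);        /* prints "0123456" */
    return 0;
}
```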


Calling MySQL Procedures from iBatis

I had some issues this morning calling MySQL procedures from iBatis. The iBatis documentation is pretty sparse on the subject and I could not find anything useful on the forums. I did eventually find the ‘clincher’ post on mail-archive.com.

Assume this (rather brain-dead) stored procedure:

DELIMITER //
CREATE PROCEDURE increment_total_widgets (p_widget_key BINARY(20), p_increment INT)
BEGIN
    -- Parameter names are prefixed so they do not shadow the column names:
    -- with a parameter called widget_key, "WHERE widget_key = widget_key"
    -- compares the parameter to itself and updates every row.
    UPDATE statistics
    SET total_widgets = total_widgets + p_increment
    WHERE widget_key = p_widget_key;
END //
DELIMITER ;

The procedure setup in the iBatis sqlmap file should be as follows:

<procedure id="incrementTotalWidgets" parameterClass="HashMap">
  <!-- widget_key is passed as a hex string and UNHEX()ed back to BINARY(20) -->
  {CALL increment_total_widgets(UNHEX(#widget_key:VARCHAR#), #increment:NUMBER#)}
</procedure>

This looks nothing like the example set out in the iBatis documentation.

Left MyRoar

Just for the record, I left MyRoar (where I was CTO) last week.

Applying NLP to financial information was very interesting and I really enjoyed the challenges that presented. In the end there were too many creative differences between Kate McDonough (the original founder) and myself, and I felt I could no longer be an effective CTO to the company.

Introduction to AWS for PHP Developers

Great introduction to AWS for PHP Developers penned by Clay Loveless.

I used to work with Clay at Feedster.

3G coming soon to a Laptop near you

This is rather interesting, not because of the Apple angle, but because it points the way to the ubiquity of connectivity in the foreseeable future (from ComputerWorld, via Mac Rumors):

The Comms Software QA team within the Mac Hardware Group is seeking a motivated QA engineer to perform quality assurance testing for new Apple CPU Products.

Duties for this position include, but are not limited to:

– Testing and reporting hardware, software, and device driver bugs for Communications technologies including AirPort (802.11a/b/g/n), Bluetooth v2.0, gigabit Ethernet, and/or 3G Wireless WAN in a detailed, timely manner.

Originally the expectation was that WiFi would provide for all our roaming bandwidth needs; along the way WiMax was supposed to do that for us. Now it seems that we are going to have to look to 3G for that, and eventually 4G. WiMax was supposed to fill that gap, but we are still waiting for that.

The key is untethering. Initially it felt great to have WiFi, I could move around my condo/office with a laptop and always be connected to the network, free from the wired tether, but it quickly became clear that WiFi has its own tether because of the limited range.

‘Always connected’ is a pre-requisite for cloud computing, and it looks like 3G/4G is how this will be achieved. My measure of ‘getting there’ in terms of bandwidth and coverage will be when I can sit in the middle of the countryside and be able to stream a high definition movie from the cloud to my laptop/tablet.

Really big Kindle

Apparently Amazon is about to release a really large Kindle (NY Times, AppleInsider.)

I am wondering if this is a good idea. Part of the appeal of the Kindle is that it is very portable: you can just toss it into a bag, a satchel or a handbag, take it with you, and take it out and use it wherever you are. Making it larger is going to make it a lot less transportable. We put up with the challenge of transporting laptops because they are so multi-function, and I am not sure that the Kindle is on the same level.

Then again I don’t know what the size is yet.

‘Myst’ on the iPhone

I was very interested to see Myst released on the iPhone. I am a fan of the game (I through IV); in fact those were (and are) pretty much the only computer games I have played in the past 20 years.

The only downside is that the game is a little slow and the screen does not have enough resolution to convey the depth of detail.