Updated Writing Secure Code Errata
A big thanks to Niels Dekker for providing me with the feedback. Here's the diff only.
Chapter 5, Page 145
There’s a small error in the ArrayIndexError code:
printf("Usage is %s [index] [value]\n");
Should read:
printf("Usage is %s [index] [value]\n", argv[0]);
Chapter 10, Page 344
There’s an error in the CopyData function.
    void CopyData(char *szData, DWORD cbData) {
        const DWORD cbDest = 32;
        char cDest[cbDest];
        if (szData != NULL && cbDest > cbData)
            strncpy(cDest,szData,min(cbDest,cbData));
        //use cDest
        ...
should read:
    void CopyData(char *szData, DWORD cbData) {
        const DWORD cbDest = 32;
        char cDest[cbDest];
        if (szData != NULL && cbDest > cbData) {
            strncpy(cDest,szData,min(cbDest,cbData));
            //use cDest
        }
        ...
Chapter 10, Page 348
There are a number of small errors (including a memory leak) in the C++ code used to determine if a file extension is valid. It should read:
    bool IsOKExtension(const char *szFilename) {
        bool fIsOK = false;
        if (szFilename) {
            const char *szOKExt[] =
                {".txt", ".rtf", ".gif", ".jpg", ".bmp"};
            const char *szExtension =
                strrchr(szFilename, '.');
            if (szExtension) {
                for (size_t i=0;
                     i < sizeof(szOKExt) / sizeof(szOKExt[0]);
                     i++)
                    if (_stricmp(szExtension, szOKExt[i]) == 0 )
                        fIsOK = true;
            }
        }
        return fIsOK;
    }
Chapter 10, Page 350
There is an error in the C# and Perl regular expressions used to determine if a file extension is valid.
In both cases the expression:
txt|rtf|gif|jpg|bmp$
Should read:
\.(?:txt|rtf|gif|jpg|bmp)$
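To show why the anchoring and the escaped dot matter, here is an added Python check (not code from the book) that runs both expressions from this erratum over constructed filenames; Python's re module handles `|`, `(?:...)` and `$` the same way Perl and .NET do for these patterns, and the IGNORECASE flag is an assumption chosen to mirror the `_stricmp` used by the C++ version.

```python
import re

# Both patterns exactly as given in the erratum (Perl / .NET syntax).
# In the original, '$' binds only to the last alternative ('bmp'), and
# nothing requires a '.', so "txt" appearing anywhere is enough to match.
BROKEN_PATTERN = re.compile(r"txt|rtf|gif|jpg|bmp$", re.IGNORECASE)
# The corrected pattern: a literal dot, one allowed extension, end of string.
FIXED_PATTERN = re.compile(r"\.(?:txt|rtf|gif|jpg|bmp)$", re.IGNORECASE)


def is_ok_extension_broken(filename: str) -> bool:
    """Accept/reject using the book's original (incorrect) expression."""
    return BROKEN_PATTERN.search(filename) is not None


def is_ok_extension_fixed(filename: str) -> bool:
    """Accept/reject using the erratum's corrected expression."""
    return FIXED_PATTERN.search(filename) is not None


# Constructed sample filenames with the decision a correct check must make.
SAMPLES = [
    ("report.txt", True),
    ("photo.JPG", True),          # case-insensitive, like _stricmp
    ("notes.bmp", True),
    ("report.txt.exe", False),    # allowed extension buried mid-name
    ("txtloader.exe", False),     # 'txt' as a plain substring, no dot
    ("archive.zip", False),
]


def false_accepts_broken(samples=SAMPLES):
    """Filenames the original expression accepts although they must be rejected."""
    return [name for name, expected in samples
            if not expected and is_ok_extension_broken(name)]


def fixed_matches_expected(samples=SAMPLES) -> bool:
    """True when the corrected expression agrees with every expected decision."""
    return all(is_ok_extension_fixed(name) == expected for name, expected in samples)


if __name__ == "__main__":
    for name, _ in SAMPLES:
        print(f"{name:16} broken={is_ok_extension_broken(name)!s:5} "
              f"fixed={is_ok_extension_fixed(name)}")
    print("wrongly accepted by the original expression:", false_accepts_broken())
```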
Comments
- Anonymous
October 29, 2004
More on the C++ code of IsOKExtension:
I've had two friends of mine saying you should break out of the for loop, after doing fIsOK = true. Still I didn't submit this as a bug report, because it's not really an error, it's just an optimization issue. And because compilers do so much optimization for you these days, I wasn't 100 percent sure if it would make any difference. What do you think? - Anonymous
October 31, 2004
I think these errors are not very bad. - Anonymous
November 20, 2004
Thanks