From: cross@augusta.math.psu.edu (Dan Cross)
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: 6 Aug 2001 12:23:58 -0400
Organization: Mememememememmeme
Message-ID: <9kmgau$ria@augusta.math.psu.edu>
References: <3b6e9c33.1478392360@news.worldonline.nl>

In article <3b6e9c33.1478392360@news.worldonline.nl>, Richard Bos wrote:
>Erm, no. The standard C way is not to check every bound, every time.
>Correct procedure is to design your program such that you _prevent_
>errors rather than detecting them as they occur; for example, input is
>checked _once_, and then, if it passes the tests, assumed correct. You
>don't go checking it every time you use it.

But, what if the input changes? What if for some reason your
verification procedure was incorrect, and something slipped through?
Case in point: do you ever call atoi? What does it return when passed
invalid input? I know it's supposed to be undefined, but most
implementations will just return zero; how do you distinguish this from
valid input? Sure you can say, ``well, you should never use atoi(),
preferring instead to use strtol()'' but that's only a contrived example
and I could come up with more, as I'm sure every reasonably competent C
programmer could. And that's my point.

And why on earth would I want to code yet another generation purpose
dictionary ADT? Hashing? Please!

>If you wish to claim this is not equivalent, very well; but you can't go
>around claiming that C is bad simply because it doesn't do things the
>Ada way.

No one is saying that. No one is even saying that C is bad. What we
are saying is that it's not the appropriate tool for all problems. Just
like a hammer isn't the appropriate tool for all problems (since someone
found an example of screws you do hammer in, how about using a hammer as
a wrench? :-).

	- Dan C.
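
Added example, not part of Dan Cross's post: the atoi() ambiguity raised above, shown next to a strtol()-based parser that reports invalid input through its return value instead of through the parsed number. `parse_int_strict` is a hypothetical helper name and the sample strings are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from the post): parse the whole string as a
 * base-10 int. Returns 0 and stores the value on success; returns -1 on
 * any invalid input and leaves *out untouched. */
int parse_int_strict(const char *s, int *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0' || isspace((unsigned char)*s))
        return -1;      /* empty, or leading whitespace strtol would skip */
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')
        return -1;      /* no digits at all, or trailing junk ("12abc") */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;      /* value does not fit in an int */
    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. The last one is out of range and is
     * deliberately never passed to atoi(). */
    const char *samples[] = { "0", "abc", "12abc", "", "-7",
                              "99999999999999999999" };
    size_t i;

    /* The ambiguity from the post: common C libraries print 0 for both,
     * so the caller cannot tell valid "0" from garbage. */
    printf("atoi(\"0\") = %d, atoi(\"abc\") = %d\n", atoi("0"), atoi("abc"));

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = 0;
        if (parse_int_strict(samples[i], &v) == 0)
            printf("\"%s\" -> %d\n", samples[i], v);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    return 0;
}
```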