Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connectionsPath: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Keith Thompson
Newsgroups: comp.lang.c
Subject: Re: A Famous Security Bug
Date: Wed, 20 Mar 2024 16:19:46 -0700
Organization: None to speak of
Lines: 24
Message-ID: <87r0g41ofh.fsf@nosuchdomain.example.com>
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: dont-email.me; posting-host="0bf58c5e3e50115de10475b5e7b86fc1";
logging-data="1869328"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/4KCf8n/PgZ0qz3RblXh58"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
Cancel-Lock: sha1:7aTzL8ms29Vv/yGTXwIhpZJBHts=
sha1:Rd7e1G5oMjJ/J+jp647FoJTlZlg=
"Chris M. Thomasson" writes:
> On 3/20/2024 12:37 PM, Chris M. Thomasson wrote:
>> On 3/20/2024 11:18 AM, Stefan Ram wrote:
>>> A "famous security bug":
>>>
>>> void f( void )
>>> { char buffer[ MAX ];
>>> /* . . . */
>>> memset( buffer, 0, sizeof( buffer )); }
>>>
>>> . Can you see what the bug is?
>>>
>>> (I have already read the answer; I post it as a pastime.)
>> Add in a volatile? ;^)
>
> Instead of zeroing, what about filling it with random bytes reaped
> from a TRNG?
Why?
--
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Medtronic
void Void(void) { Void(); } /* The recursive call of the void */