SHA-3 Round 1: Buffer Overflows
James A. Donald
jamesd at echeque.com
Mon Feb 23 20:20:59 PST 2009
> <http://blog.fortify.com/blog/fortify/2009/02/20/SHA-3
> -Round-1> The other issues we found were memory leaks
> and null dereferences from memory allocation. This
> just emphasizes what we already knew about C, even the
> most careful, security conscious developer messes up
> memory management.
1. Most of the submissions did not mess up memory
management.
2. A lot of my code has been subjected to code review
before run time testing and never has anyone found a
memory management bug in my C code, despite heavy use of
functions such as snprintf, memmove, and strncpy.
More information about the cypherpunks-legacy
mailing list