Updated Writing Secure Code Errata

A big thanks to Niels Dekker for providing me with the feedback. Here's the diff only.

Chapter 5, Page 145

There’s a small error in the ArrayIndexError code:

printf("Usage is %s [index] [value]\n");

Should read:

printf("Usage is %s [index] [value]\n", argv[0]);

Chapter 10, Page 344

There’s an error in the CopyData function.

void CopyData(char *szData, DWORD cbData) {

const DWORD cbDest = 32;

char cDest[cbDest];

if (szData != NULL && cbDest > cbData)

strncpy(cDest,szData,min(cbDest,cbData));

//use cDest

...

should read:

void CopyData(char *szData, DWORD cbData) {

const DWORD cbDest = 32;

char cDest[cbDest];

if (szData != NULL && cbDest > cbData) {

strncpy(cDest,szData,min(cbDest,cbData));

//use cDest

}

...

Chapter 10, Page 348

There are a number of small errors (including a memory leak) in the C++ code used to determine if a file extension is valid. It should read:

               

bool IsOKExtension(const char *szFilename) {

    bool fIsOK = false;

 

    if (szFilename) {

        const char *szOKExt[] =

            {".txt", ".rtf", ".gif", ".jpg", ".bmp"};

        const char *szExtension =

            strrchr(szFilename, '.');

        if (szExtension) {

            for (size_t i=0;

                i < sizeof(szOKExt) / sizeof(szOKExt[0]);

                i++)

                if (_stricmp(szExtension, szOKExt[i]) == 0 )

                    fIsOK = true;

       }

    }

    return fIsOK;

}

 

Chapter 10, Page 350

There is an error in the C# and Perl regular expressions used to determine if a file extension is valid.

In both cases the expression:

txt|rtf|gif|jpg|bmp$

Should read:

\.(?:txt|rtf|gif|jpg|bmp)$