[Info-vax] Any stronger versions of the LMF planned ?, was: Re: LMF Licence Generator Code
Arne Vajhøj
arne at vajhoej.dk
Thu Aug 19 21:31:48 EDT 2021
On 8/19/2021 6:33 PM, Lawrence D’Oliveiro wrote:
> On Thursday, August 19, 2021 at 6:49:24 AM UTC+12, Arne Vajhøj
> wrote:
>> The COBOL code is more lines. For one reason: everything needs to
>> be declared with a type. You may not like that, but I think that
>> the COBOL programmers like that.
>
> And it’s worse than that. COBOL’s fixed-length strings open up a
> whole new potential avenue of vulnerabilities, in the form of
> buffer-overflow attacks.

Nope.

Fixed length strings are not a problem.

Strings with no concept of length are a problem.

In VMS COBOL if you try to stuff more data into the
variable than there is space for, then data gets
truncated to what there is space for.

That applies to both assigning values to the search values
and for storing database data in output variables.

Tested with default compiler settings on VMS Alpha.

Arne
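
The truncation behaviour described in this message, modelled in C as an added example (not code from the post, and not VMS COBOL itself). `struct record`, `fixed_move`, `demo` and the sample strings are hypothetical names and constructed input; the helper also returns the number of dropped bytes so that truncation can be detected rather than pass silently.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-length field directly followed by another
   field, like adjacent items in a COBOL record. */
struct record {
    char name[8];   /* like PIC X(8): fixed length, no NUL terminator */
    char guard[4];  /* neighbouring field that must stay untouched */
};

/* Hypothetical helper modelling a move into a fixed-length field: copy at
   most dst_len bytes and pad the rest with spaces. Returns how many source
   bytes were dropped so the caller can detect truncation. */
size_t fixed_move(char *dst, size_t dst_len, const char *src, size_t src_len)
{
    size_t n = src_len < dst_len ? src_len : dst_len;
    memcpy(dst, src, n);
    memset(dst + n, ' ', dst_len - n);
    return src_len - n;
}

/* Moves an overlong and then a short value into r->name. Returns 1 if both
   results are as expected and the guard field is intact after each move. */
int demo(struct record *r, size_t *dropped_long, size_t *dropped_short)
{
    const char long_in[] = "ABCDEFGHIJKLMNOPQRST"; /* constructed, 20 bytes */
    int ok;

    memcpy(r->guard, "SAFE", 4);
    *dropped_long = fixed_move(r->name, sizeof r->name, long_in, strlen(long_in));
    ok = memcmp(r->name, "ABCDEFGH", 8) == 0 && memcmp(r->guard, "SAFE", 4) == 0;

    *dropped_short = fixed_move(r->name, sizeof r->name, "VMS", 3);
    ok = ok && memcmp(r->name, "VMS     ", 8) == 0;
    return ok && memcmp(r->guard, "SAFE", 4) == 0;
}

int main(void)
{
    struct record r;
    size_t dl, ds;
    int ok = demo(&r, &dl, &ds);
    printf("name=[%.8s] guard=[%.4s] dropped=%zu/%zu ok=%d\n",
           r.name, r.guard, dl, ds, ok);
    return ok ? 0 : 1;
}
```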