Re: gzip bug w/ patch..

From: Jonathan A. Zdziarski (jonathanat_private)
Date: Sat Jan 05 2002 - 15:43:01 PST


    Why hasn't the software community more widely accepted the use of
    strlcpy and strlcat?  While these functions aren't included with all
    platforms, the source is pretty simple to include in one's application.
    The benefits are obvious: strlcpy truncates the copied string if
    necessary based on the size provided, and ensures that it is always NUL
    terminated.  The strlcat function acts the same way as strncat, only the
    size being sent to the function is the maximum length of the string,
    rather than the maximum number of characters to copy.  It also NUL
    terminates on truncation.
    
    
    -----Original Message-----
    From: Tim J. Robbins [mailto:timat_private] 
    Sent: Sunday, December 30, 2001 9:06 PM
    To: bugtraqat_private
    Subject: Re: gzip bug w/ patch..
    
    On Sun, Dec 30, 2001 at 02:26:10PM -0000, greg wrote:
    
    > well anyway, there is an attached patch, bye.
    
    > -           strcpy(nbuf,dir);
    > +           strncpy(nbuf, dir, sizeof(nbuf) - 1);
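
    Review bot: on the `+` line, strncpy(nbuf, dir, sizeof(nbuf) - 1) writes no terminating NUL when dir is sizeof(nbuf) - 1 bytes or longer, so nbuf is only terminated if its last byte already happens to be zero; add nbuf[sizeof(nbuf) - 1] = '\0'; right after the copy. The copy also shortens an overlong dir silently, so consider comparing strlen(dir) against sizeof(nbuf) first and failing with an error instead of continuing with a truncated name. Both points assume nbuf is an array in this scope, since sizeof applied to a pointer would give the pointer size rather than the buffer size.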
    
    You must ensure the trailing NUL character is at the end of the
    string:
      nbuf[sizeof(nbuf) - 1] = '\0';
    
    
    Tim
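
Added example, not part of the original thread or of gzip's source: it contrasts the patched strncpy line, the explicit-terminator fix from the quoted reply, and a copy with the strlcpy behaviour described in the first message. The names ex_strlcpy and copy_dir, the 8-byte nbuf and the sample paths are assumptions constructed for illustration; ex_strlcpy is written here, not taken from any platform's library.

```c
#include <stdio.h>
#include <string.h>

/* strlcpy-style copy (hypothetical helper): copies at most size-1 bytes,
 * always NUL-terminates when size > 0, and returns strlen(src) so the
 * caller can tell that truncation happened (return value >= size). */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The patched line alone. nbuf is pre-filled with 'X' to model an
 * uninitialised stack buffer. Returns 1 if nbuf contains a NUL afterwards. */
static int strncpy_only_terminated(const char *dir)
{
    char nbuf[8];
    memset(nbuf, 'X', sizeof(nbuf));
    strncpy(nbuf, dir, sizeof(nbuf) - 1);
    return memchr(nbuf, '\0', sizeof(nbuf)) != NULL;
}

/* The patched line plus the explicit terminator from the reply. */
static int strncpy_fixed_terminated(const char *dir)
{
    char nbuf[8];
    memset(nbuf, 'X', sizeof(nbuf));
    strncpy(nbuf, dir, sizeof(nbuf) - 1);
    nbuf[sizeof(nbuf) - 1] = '\0';
    return memchr(nbuf, '\0', sizeof(nbuf)) != NULL;
}

/* strlcpy-style caller: 0 if dir fit, -1 if it was truncated. */
static int copy_dir(char *nbuf, size_t size, const char *dir)
{
    return ex_strlcpy(nbuf, dir, size) >= size ? -1 : 0;
}

int main(void)
{
    char nbuf[8];
    const char *dir = "/var/tmp/long";   /* constructed sample path */
    printf("strncpy only terminated: %d\n", strncpy_only_terminated(dir));
    printf("with explicit NUL:       %d\n", strncpy_fixed_terminated(dir));
    printf("copy_dir: %d -> \"%s\"\n", copy_dir(nbuf, sizeof(nbuf), dir), nbuf);
    return 0;
}
```

The return value of copy_dir is what lets a caller refuse an overlong name instead of operating on the shortened one.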
    



    This archive was generated by hypermail 2b30 : Sat Jan 05 2002 - 17:40:27 PST