On Mon, 2002-11-18 at 17:10, Andrew Griffiths wrote:
> Another thing to use is consistency, for example,
>
> char dst[50];
> strncpy(dst, user_supplied_data, sizeof(dst));
> strncat(dst, moreuserdata, sizeof(dst) - strlen(dst) - 1);
>
> This could be exploitable if user_supplied_data is 50 or more...
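For the snippet quoted above, an added example (not part of the original message) showing the size the strncat call ends up with once strncpy has left dst unterminated, next to a copy-then-append routine that keeps one consistent bound. The names bounded_len, naive_strncat_limit and bounded_join are hypothetical.

```c
#include <string.h>

/* Length of s, reading at most max bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* The limit the quoted strncat call computes. strncpy() writes no NUL when
 * the source fills the buffer, so strlen(dst) can be >= dstsize, and the
 * unsigned subtraction then wraps to a huge value. */
size_t naive_strncat_limit(size_t dstsize, size_t observed_len)
{
    return dstsize - observed_len - 1;
}

/* Copy a, then append b, into dst (dstsize bytes). Always NUL-terminated.
 * Returns 0 if both fit, 1 if truncated, -1 on bad arguments. */
int bounded_join(char *dst, size_t dstsize, const char *a, const char *b)
{
    size_t used, room, n;
    int truncated = 0;

    if (dst == NULL || dstsize == 0 || a == NULL || b == NULL)
        return -1;
    used = bounded_len(a, dstsize);
    if (used == dstsize) {          /* a alone fills the buffer */
        used = dstsize - 1;         /* reserve the terminator byte */
        truncated = 1;
    }
    memcpy(dst, a, used);
    dst[used] = '\0';               /* the step strncpy() skips */
    room = dstsize - used - 1;      /* safe: used <= dstsize - 1 */
    n = bounded_len(b, room + 1);
    if (n > room) {
        n = room;
        truncated = 1;
    }
    memcpy(dst + used, b, n);
    dst[used + n] = '\0';
    return truncated;
}
```

A return value of 1 tells the caller that input was cut, which is worth logging or rejecting rather than silently accepting.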