Secure Programming
Re: Are bad developer libraries the problem with M$ software?
Nov 18 2002 11:10PM
Andrew Griffiths (andrewg d2 net au)
Hi all,
>
> Same problem; not safe anyway. (sizeof (dst) - strlen(dst) - 1, if anything)
>
Another thing to use is consistency, for example,
char dst[50];
strncpy(dst, user_supplied_data, sizeof(dst));
strncat(dst, moreuserdata, sizeof(dst) - strlen(dst) - 1);
This could be exploitable if user_...
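The snippet above, as an added example that is not part of the original post: strncpy() writes no terminating NUL when the source is at least as long as the size passed, so the later strlen(dst) has no terminator to stop at inside the buffer. The helper names `is_terminated`, `strncpy_leaves_terminated` and `bounded_join` are hypothetical; the first two show the condition without running the unsafe strlen()/strncat(), the third is one bounded alternative.

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 if buf[0..size-1] contains a NUL terminator, else 0. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The first call from the post, stopped before strlen()/strncat():
 * reports whether dst is a valid C string after strncpy(dst, src, 50). */
int strncpy_leaves_terminated(const char *src)
{
    char dst[50];
    strncpy(dst, src, sizeof(dst));  /* no NUL written if strlen(src) >= 50 */
    return is_terminated(dst, sizeof(dst));
}

/* Bounded copy-then-append that always terminates dst.
 * Returns 0 if both strings fit, -1 if the result was truncated. */
int bounded_join(char *dst, size_t size, const char *a, const char *b)
{
    size_t used, room, n;
    int truncated = 0;

    if (size == 0)
        return -1;
    used = strlen(a);
    if (used > size - 1) { used = size - 1; truncated = 1; }
    memcpy(dst, a, used);
    room = size - 1 - used;          /* bytes left, terminator reserved */
    n = strlen(b);
    if (n > room) { n = room; truncated = 1; }
    memcpy(dst + used, b, n);
    dst[used + n] = '\0';
    return truncated ? -1 : 0;
}
```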
Copyright 2010, SecurityFocus