Hosting Provided By

Re: strncpy() and NULL termination

From: Adrian Chadd <adrian(at)cougar.aceonline.com.au>
Date: Mon Feb 17 1997 - 10:01:20 EST

Another thing I've noticed is some bits of source pass argv[] values directly, eg this evil bit from domainname.c :

if (*argv) {
if (setdomainname(*argv, strlen(*argv)) err(1, "setdomainname");
} else {
...

Passing argv like this is evil, and a check SHOULD be made before passing something like this to a function. FYI the library call does the argument length checking, but if it was calling something that didn't do range checking.. maybe suid/sgid?

Cya.

--
Adrian Chadd			|	Windows 95 - the XT emulator for
		|	 your 486 and above!
				|	Being superstitious is bad luck.

Received on Mon Feb 17 07:02:04 1997

This message: [ Message body ]
Next message: Dan Cross: "Re: strncpy() and NULL termination"
Previous message: Roger Espel Llima: "Re: strncpy() and NULL termination"
In reply to: Roger Espel Llima: "Re: strncpy() and NULL termination"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:41:02 EDT