SecFix for databases/firebird, please review
Alexander Leidinger
Alexander at Leidinger.net
Thu Aug 28 11:50:52 PDT 2003
On Wed, 27 Aug 2003 08:33:43 -0700
Joshua Oreman <oremanj at get-linux.org> wrote:
> > > You also still don't add:
> > >
> > > buf[sizeof(buf) - 1] = '\0';
> > >
> > > after all strncat(3)s.
> >
> > Hmmm... yes, I see the problem...
>
> >From strncat(3):
> char* strncat (char * restrict s, const char * restrict append, size_t count);
> [ ... ]
> The strncat function appends not more than count characters from
> append, and then adds a terminating `\0'.
> (emphasis added) ^^^^^^^^^^^^^^^^^^^^^^^
>
> So here there really isn't a problem.
Are you sure?
Lets see (pseudocode):
target[100]="abcde";
source="123456";
strncat(target, source, 5);
What's the result (just by looking at the man-page):
- abcde12345
- abcde12345\0
- abcde1234\0
Now, write a program which verifies your assumption.
Bye,
Alexander.
--
The best things in life are free, but the
expensive ones are still worth a look.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
More information about the freebsd-questions
mailing list