Date: Fri, 4 Aug 2000 14:10:03 -0700 (PDT)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Warner Losh <imp@village.org>
Cc: audit@FreeBSD.ORG
Subject: Re: ether_line() patch
Message-ID: <Pine.BSF.4.21.0008041408420.64303-100000@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.21.0008041355250.64303-100000@hub.freebsd.org>
On Fri, 4 Aug 2000, Kris Kennaway wrote:
> strncpy does not null-terminate if strlen(result) == resultlen. In that
> case the buf[resultlen] character will be stomped by the NULL - it's a
> trivial change, but I think it's correct.
Actually we were both wrong - this strncpy was just bogus and did no
bounds checking. This patch hunk should be better.
@@ -156,8 +178,8 @@
strlen(ether_a), &result, &resultlen)) {
continue;
}
- strncpy(buf, result, resultlen);
- buf[resultlen] = '\0';
+ strncpy(buf, result, sizeof(buf) - 1);
+ buf[sizeof(buf)] = '\0';
free(result);
}
#endif
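Review bot: the added `buf[sizeof(buf)] = '\0';` writes one byte past the end of buf when buf is an array, so the patch trades the old overflow for an off-by-one; the terminator belongs at `buf[sizeof(buf) - 1]`, the byte the preceding `strncpy(buf, result, sizeof(buf) - 1)` leaves untouched. Both added lines also depend on buf being an array declared in this scope, which the hunk does not show; if it is a pointer, sizeof gives the pointer size and the bound is wrong. The new copy also drops resultlen entirely, so it relies on result being NUL-terminated; bounding the copy by the smaller of resultlen and sizeof(buf) - 1 and terminating at that index would cover both the destination size and the source length.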
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
