Date: Mon, 16 Dec 1996 11:35:05 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Jason Downs <downsj@teeny.org> Cc: Dmitry Valdov <dv@kis.ru>, freebsd-security@freebsd.org Subject: Re: crontab security hole Message-ID: <Pine.BSF.3.95.961216112138.9006B-100000@alive.ampr.ab.ca> In-Reply-To: <199612161457.GAA18590@threadway.teeny.org>
index | next in thread | previous in thread | raw e-mail
[removed from -bugs] On Mon, 16 Dec 1996, Jason Downs wrote: > In message <Pine.BSF.3.95.961216064624.7792B-100000@alive.ampr.ab.ca>, > Marc Slemko writes: > > > >It was fixed in -stable the other day by pst. The patch, pulled > >from the CVS tree, follows. > > Haven't any of you ever heard of a very simple and efficient non-stdio > routine called, of all things, strncpy()? > > It's been around for, like, ever. I'm sure that many of us have. If I was writing the patch, I would do it probably use strncpy. However, I think the reason why strncpy wasn't used is because it won't null terminate the string if it is >= the length given. It just means an extra line of code to make sure it is terminated, but I don't see it as being much more than a matter of style in this context. A few quick informal benchmarks show that strncpy is faster than snprintf in some cases and snprintf is faster than strncpy in others.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961216112138.9006B-100000>