Date: Mon, 16 Dec 1996 11:35:05 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Jason Downs <downsj@teeny.org> Cc: Dmitry Valdov <dv@kis.ru>, freebsd-security@freebsd.org Subject: Re: crontab security hole Message-ID: <Pine.BSF.3.95.961216112138.9006B-100000@alive.ampr.ab.ca> In-Reply-To: <199612161457.GAA18590@threadway.teeny.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[removed from -bugs] On Mon, 16 Dec 1996, Jason Downs wrote: > In message <Pine.BSF.3.95.961216064624.7792B-100000@alive.ampr.ab.ca>, > Marc Slemko writes: > > > >It was fixed in -stable the other day by pst. The patch, pulled > >from the CVS tree, follows. > > Haven't any of you ever heard of a very simple and efficient non-stdio > routine called, of all things, strncpy()? > > It's been around for, like, ever. I'm sure that many of us have. If I was writing the patch, I would do it probably use strncpy. However, I think the reason why strncpy wasn't used is because it won't null terminate the string if it is >= the length given. It just means an extra line of code to make sure it is terminated, but I don't see it as being much more than a matter of style in this context. A few quick informal benchmarks show that strncpy is faster than snprintf in some cases and snprintf is faster than strncpy in others.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961216112138.9006B-100000>