Date: Thu, 28 Aug 2003 20:52:19 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: Joshua Oreman <oremanj@get-linux.org> Cc: questions@freebsd.org Subject: Re: SecFix for databases/firebird, please review Message-ID: <20030828205219.53250ddf.Alexander@Leidinger.net> In-Reply-To: <20030827153343.GA27037@webserver> References: <20030817130114.2bfb3cf1.Alexander@Leidinger.net> <20030817133824.GA71246@madman.celabo.org> <20030818115928.20c1c570.Alexander@Leidinger.net> <20030827081036.GL47959@garage.freebsd.pl> <20030827111733.23d7bb71.Alexander@Leidinger.net> <20030827153343.GA27037@webserver>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 27 Aug 2003 08:33:43 -0700
Joshua Oreman <oremanj@get-linux.org> wrote:
> > > You also still don't add:
> > >
> > > buf[sizeof(buf) - 1] = '\0';
> > >
> > > after all strncat(3)s.
> >
> > Hmmm... yes, I see the problem...
>
> >From strncat(3):
> char* strncat (char * restrict s, const char * restrict append, size_t count);
> [ ... ]
> The strncat function appends not more than count characters from
> append, and then adds a terminating `\0'.
> (emphasis added) ^^^^^^^^^^^^^^^^^^^^^^^
>
> So here there really isn't a problem.
Are you sure?
Lets see (pseudocode):
target[100]="abcde";
source="123456";
strncat(target, source, 5);
What's the result (just by looking at the man-page):
- abcde12345
- abcde12345\0
- abcde1234\0
Now, write a program which verifies your assumption.
Bye,
Alexander.
--
The best things in life are free, but the
expensive ones are still worth a look.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030828205219.53250ddf.Alexander>