From owner-freebsd-chat Mon Dec 16 19:19:07 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id TAA22057 for chat-outgoing; Mon, 16 Dec 1996 19:19:07 -0800 (PST)
Received: from threadway.teeny.org (root@threadway.teeny.org [204.245.200.1]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id TAA22052 for ; Mon, 16 Dec 1996 19:19:03 -0800 (PST)
Received: from localhost (downsj@localhost.teeny.org [127.0.0.1]) by threadway.teeny.org (8.8.4/8.6.12) with ESMTP id TAA22717; Mon, 16 Dec 1996 19:16:12 -0800 (PST)
Message-Id: <199612170316.TAA22717@threadway.teeny.org>
X-Mailer: exmh version 1.6.5 12/11/95
To: J Wunsch
cc: marcs@znep.com, dv@kis.ru, freebsd-chat@freebsd.org
Subject: Re: crontab security hole
In-reply-to: Your message of "Mon, 16 Dec 1996 21:51:12 +0100." <199612162051.VAA08770@uriah.heep.sax.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 16 Dec 1996 19:16:12 -0800
From: Jason Downs
Sender: owner-chat@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <199612162051.VAA08770@uriah.heep.sax.de>, J Wunsch writes:
>As Jason Downs wrote:
>
>> Haven't any of you ever heard of a very simple and efficient non-stdio
>> routine called, of all things, strncpy()?
>
>Haven't any of you ever heard of the ugly misdesign of strn{cat,cpy}()
>to not delimit your string if it's reaching the end? I think this is
>violating the principle of least surprise... since they still have the
>`str' in the name, not `mem'.

strncat() always terminates, strncpy() does not if it runs out of space.

Most people terminate the string at the length - 1 after the call to
strncpy(), in case it didn't manage to. This is sufficient, and avoids going
through any extra processing involved with *printf() as well as avoiding
perhaps needlessly pulling in stdio code.

It's bad programming practice to blindly use snprintf() without considering
your options.

(Just as it's bad to use strncpy() without terminating the string yourself,
or call strncat() with the wrong length.)

--
Jason Downs
(503) 256-8535 -/- (503) 952-3749
downsj@teeny.org --> teeny.org: Free Software for a Free Internet <-- http://www.teeny.org/
This ain't no steeenking NetBSD. http://www.openbsd.org/
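
Added example, not part of the original message and not code from the crontab source under discussion: a C sketch of the two points made above, strncpy() leaving a full buffer unterminated unless the caller writes the NUL at length - 1, and strncat() needing the remaining space minus one rather than the buffer size. The function names and the 8-byte buffers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* 1 if buf[0..size) holds a NUL terminator, 0 if it does not. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Bare strncpy() into an 8-byte buffer pre-filled with 'X' (constructed). */
static int raw_strncpy_terminates(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));
    strncpy(buf, src, sizeof(buf));   /* no NUL written if src has 8+ chars */
    return is_terminated(buf, sizeof(buf));
}

/* strncpy() plus explicit termination at size - 1. Needs size > 0.
 * Returns 1 if src was truncated, 0 if it fit. */
static int copy_bounded(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';
    return strlen(src) >= size;
}

/* strncat()'s length is the most characters to append, and it writes a NUL
 * after them, so the right value is the free space minus one, not the
 * buffer size. dst must already be terminated. Returns 1 if truncated. */
static int append_bounded(char *dst, size_t size, const char *src)
{
    size_t room = size - strlen(dst) - 1;
    strncat(dst, src, room);
    return strlen(src) > room;
}

int main(void)
{
    char buf[8];
    int cut;
    printf("bare strncpy, short: terminated=%d\n", raw_strncpy_terminates("short"));
    printf("bare strncpy, long:  terminated=%d\n", raw_strncpy_terminates("123456789abc"));
    cut = copy_bounded(buf, sizeof(buf), "abc");
    printf("copy:   truncated=%d \"%s\"\n", cut, buf);
    cut = append_bounded(buf, sizeof(buf), "defghij");
    printf("append: truncated=%d \"%s\"\n", cut, buf);
    return 0;
}
```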