Date: Fri, 3 Dec 1999 22:51:29 -0700 (MST)
From: Paul Hart
To: Kris Kennaway
Cc: audit@FreeBSD.ORG
Subject: Re: Buffer overflows in libc (yp)

On Fri, 3 Dec 1999, Kris Kennaway wrote:

> - strcpy(ysd->dom_domain, dom);
> + strlcpy(ysd->dom_domain, dom, sizeof(ysd->dom_domain)-1);

Shouldn't that be:

    strlcpy(ysd->dom_domain, dom, sizeof(ysd->dom_domain));

instead? I think one of the things that strlcpy(3) tries to address is the
general confusion over SIZE vs. SIZE - 1 that plagues some of the other C
string functions.

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/
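
Review bot: the size argument on the added line, sizeof(ysd->dom_domain)-1, should be the full sizeof(ysd->dom_domain). strlcpy already reserves the last byte of the size it is given for the terminating NUL, so subtracting one makes the copy truncate a domain name that would otherwise fit exactly. The return value is also discarded, so an over-long dom is shortened silently; comparing it against sizeof(ysd->dom_domain) and failing the call on truncation would keep a shortened domain name from being used as if it were the one requested.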
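
The SIZE versus SIZE - 1 point from this message, as an added C example that is not part of the original mail or of FreeBSD's libc. ex_strlcpy is a local routine written to strlcpy(3) semantics, and the 8-byte dom_domain, struct dom_binding_ex and the set_domain helpers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DOM_MAX 8   /* constructed size; the real dom_domain size is not on the page */
struct dom_binding_ex { char dom_domain[DOM_MAX]; };   /* hypothetical stand-in */

/* strlcpy(3) semantics: copy at most size-1 bytes, always NUL-terminate
 * when size > 0, return strlen(src) so the caller can detect truncation. */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Full buffer size as the argument; -1 is returned if dom did not fit. */
static int set_domain(struct dom_binding_ex *d, const char *dom)
{
    size_t cap = sizeof(d->dom_domain);
    return ex_strlcpy(d->dom_domain, dom, cap) >= cap ? -1 : 0;
}

/* The "sizeof - 1" argument: one usable byte of the buffer is given away. */
static int set_domain_minus1(struct dom_binding_ex *d, const char *dom)
{
    size_t cap = sizeof(d->dom_domain) - 1;
    return ex_strlcpy(d->dom_domain, dom, cap) >= cap ? -1 : 0;
}

/* strncpy with the full size: returns 1 when the result has no NUL at all. */
static int strncpy_unterminated(const char *dom)
{
    char buf[DOM_MAX];
    strncpy(buf, dom, sizeof(buf));
    return memchr(buf, '\0', sizeof(buf)) == NULL;
}

int main(void)
{
    struct dom_binding_ex d;
    printf("sizeof:     %d\n", set_domain(&d, "example"));
    printf("sizeof - 1: %d (%s)\n", set_domain_minus1(&d, "example"), d.dom_domain);
    printf("strncpy unterminated: %d\n", strncpy_unterminated("example1"));
    return 0;
}
```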