Date: Fri, 3 Dec 1999 22:51:29 -0700 (MST) From: Paul Hart <hart@iserver.com> To: Kris Kennaway <kris@hub.freebsd.org> Cc: audit@FreeBSD.ORG Subject: Re: Buffer overflows in libc (yp) Message-ID: <Pine.BSF.4.21.9912032247210.58329-100000@anchovy.orem.iserver.com> In-Reply-To: <Pine.BSF.4.21.9912032127370.19005-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 3 Dec 1999, Kris Kennaway wrote: > - strcpy(ysd->dom_domain, dom); > + strlcpy(ysd->dom_domain, dom, sizeof(ysd->dom_domain)-1); Shouldn't that be: strlcpy(ysd->dom_domain, dom, sizeof(ysd->dom_domain)); instead? I think one of the things that strlcpy(3) tries to address is the general confusion over SIZE vs. SIZE - 1 that plagues some of the other C string functions. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.9912032247210.58329-100000>