Date: Sat, 27 Jan 2018 23:42:06 +0100 From: Ed Schouten <ed@nuxi.nl> To: Dimitry Andric <dim@freebsd.org> Cc: "Pedro F. Giffuni" <pfg@freebsd.org>, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r328492 - head/contrib/opie/libopie Message-ID: <CABh_MK=Dper_7zw35SVUaEigf9YEqgKirfeZP4vZt9z_G9bEqg@mail.gmail.com> In-Reply-To: <7C471160-44B3-4EA6-8995-08A4EB4332A1@FreeBSD.org> References: <201801272216.w0RMGJwo057492@repo.freebsd.org> <CABh_MKn=3pRWyMHUAQkG17dQVBFEwFA2esFixPtgkCt7VE5oCw@mail.gmail.com> <7C471160-44B3-4EA6-8995-08A4EB4332A1@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
2018-01-27 23:31 GMT+01:00 Dimitry Andric <dim@freebsd.org>: > On 27 Jan 2018, at 23:20, Ed Schouten <ed@nuxi.nl> wrote: >> >> 2018-01-27 23:16 GMT+01:00 Pedro F. Giffuni <pfg@freebsd.org>: >>> char host[sizeof(utmp.ut_host) + 1]; >>> insecure = 1; >>> >>> - strncpy(host, utmp.ut_host, sizeof(utmp.ut_host)); >>> - host[sizeof(utmp.ut_host)] = 0; >>> + strncpy(host, utmp.ut_host, sizeof(host)); >> >> Wait... This may access utmp.ut_host one byte past the end and no >> longer guarantees that host is null-terminated, right? > > No, strncpy "copies at most len characters from src into dst". Substituting 'len', 'src' and 'dst' gives me: strncpy "copies at most 'sizeof(utmp.ut_host) + 1' characters from 'utmp.ut_host' into 'host'". As 'utmp.ut_host' is not guaranteed to be null-terminated by POSIX*, it can actually end up in the situation where it copies 'sizeof(utmp.ut_host) + 1' characters, which may leave 'host' unterminated. -- Ed Schouten <ed@nuxi.nl> Nuxi, 's-Hertogenbosch, the Netherlands
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABh_MK=Dper_7zw35SVUaEigf9YEqgKirfeZP4vZt9z_G9bEqg>