Date: Fri, 26 Oct 2001 08:20:01 -0700 (PDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: freebsd-bugs@FreeBSD.org Subject: bin/31507: Risk of buffer overflow in struct sockaddr_un Message-ID: <200110261520.f9QFK1e07958@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/31507; it has been noted by GNATS.
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: g@ural.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/31507: Risk of buffer overflow in struct sockaddr_un
Date: Fri, 26 Oct 2001 11:18:04 -0400 (EDT)
<<On Fri, 26 Oct 2001 17:03:13 +0600 (YEKST), stas@grumbler.org said:
> There programmer may use folowing code:
> struct sockaddr_un server;
> #ifdef MAX_SUN_PATH
> strncpy(server.sun_path, file_fifo, MAX_SUN_PATH);
> #else
> strncpy(server.sun_path, file_fifo, 104); /* or other platform-depended value */
> #endif
No, the correct code would ALWAYS be:
strncpy(server.sun_path, file_fifo, sizeof server.sun_path);
POSIX says:
# Applications should not assume a particular length for sun_path or
# assume that it can hold {_POSIX_PATH_MAX} characters (255).
-GAWollman
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110261520.f9QFK1e07958>