Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Aug 2003 08:33:43 -0700
From:      Joshua Oreman <oremanj@get-linux.org>
To:        Alexander Leidinger <Alexander@Leidinger.net>
Cc:        questions@freebsd.org
Subject:   Re: SecFix for databases/firebird, please review
Message-ID:  <20030827153343.GA27037@webserver>
In-Reply-To: <20030827111733.23d7bb71.Alexander@Leidinger.net>
References:  <20030817130114.2bfb3cf1.Alexander@Leidinger.net> <20030817133824.GA71246@madman.celabo.org> <20030818115928.20c1c570.Alexander@Leidinger.net> <20030827081036.GL47959@garage.freebsd.pl> <20030827111733.23d7bb71.Alexander@Leidinger.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Aug 27, 2003 at 11:17:33AM +0200 or thereabouts, Alexander Leidinger wrote:
> On Wed, 27 Aug 2003 10:10:36 +0200
> Pawel Jakub Dawidek <nick@garage.freebsd.pl> wrote:
> 
> > On Mon, Aug 18, 2003 at 11:59:28AM +0200, Alexander Leidinger wrote:
> > +> Thanks for the review. I've updated
> > +> http://www.leidinger.net/FreeBSD/firebird-1.0.2-secfix.tar.bz2 (modulo
> > +> Chris' work in progress). I'm looking forward to the next round. :-)
> > 
> > IMHO there are still problems with strncat(3).
> > 
[ ... ]
> > You also still don't add:
> > 
> > 	buf[sizeof(buf) - 1] = '\0';
> > 
> > after all strncat(3)s.
> 
> Hmmm... yes, I see the problem...

>From strncat(3):
	char* strncat (char * restrict s, const char * restrict append, size_t count);
	[ ... ]
	The strncat function appends not more than count characters from
	append, and then adds a terminating `\0'.
	(emphasis added) ^^^^^^^^^^^^^^^^^^^^^^^

So here there really isn't a problem.

-- Josh



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030827153343.GA27037>