Bugtraq mailing list archives
Re: NCSA httpd 1.3
From: jstott () alcom phys cwru edu (Jonathan Stott)
Date: Fri, 24 Feb 95 15:40:57 -0500
However, perhaps another rule: Avoid using strncat(dest, src, n) or strncpy(dest, src, n), etc, as they _also_ do no checking on the max length of "dest", although 'n' can be properly calculated & make them safe.
How about

    #define STRCPY(dest,src,n) strncpy(dest, src, strlen(src) > n ? n \
                                       : strlen(src));

type of definitions? Simple, portable, efficient, and shouldn't overflow [although it does require the programmer to ensure that n = sizeof(dest)]. Something similar could be done for strncat, with the comparison being strlen(src)+strlen(dest) > n ? n : strlen(src) instead.

-JS
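The macro in the message above gives strncpy a count of at most strlen(src), which never includes the terminating NUL, so dest stays unterminated unless it was already zero-filled. The following is an added example, not part of the original message, that shows this beside a bounded copy that always terminates; copy_bounded, macro_terminates and bounded_result are hypothetical names and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Macro exactly as quoted in the message above. */
#define STRCPY(dest,src,n) strncpy(dest, src, strlen(src) > n ? n \
                                   : strlen(src));

/* Hypothetical helper, not from the thread: copy at most size-1 bytes and
 * always terminate. Returns 0 if src fit, 1 if truncated, -1 on bad input. */
static int copy_bounded(char *dest, size_t size, const char *src)
{
    if (dest == NULL || src == NULL || size == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= size) {
        memcpy(dest, src, size - 1);
        dest[size - 1] = '\0';
        return 1;
    }
    memcpy(dest, src, len + 1);          /* len + 1 includes the NUL */
    return 0;
}

/* Returns 1 if the macro leaves a NUL inside an 8-byte buffer that held
 * stale non-zero bytes (constructed condition), 0 otherwise. */
static int macro_terminates(const char *src)
{
    char dest[8];
    memset(dest, 'X', sizeof(dest));
    STRCPY(dest, src, sizeof(dest));
    return memchr(dest, '\0', sizeof(dest)) != NULL;
}

/* Same buffer, bounded copy: copy_bounded's status, or -2 if unterminated. */
static int bounded_result(const char *src)
{
    char dest[8];
    memset(dest, 'X', sizeof(dest));
    int status = copy_bounded(dest, sizeof(dest), src);
    return memchr(dest, '\0', sizeof(dest)) != NULL ? status : -2;
}

int main(void)
{
    printf("macro terminated: short=%d long=%d\n",
           macro_terminates("abc"), macro_terminates("abcdefghijkl"));
    printf("bounded status:   short=%d long=%d\n",
           bounded_result("abc"), bounded_result("abcdefghijkl"));
    return 0;
}
```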