Bugtraq mailing list archives

Re: NCSA httpd 1.3

From: jstott () alcom phys cwru edu (Jonathan Stott)
Date: Fri, 24 Feb 95 15:40:57 -0500

However, perhaps another rule:
    Avoid using strncat(dest, src, n) or strncpy(dest, src, n), etc, as they
    _also_ do no checking on the max length of "dest", although 'n' can be
    properly calculated & make them safe.


How about

#define STRCPY(dest,src,n) strncpy(dest, src, strlen(src) > n ? n \
                                                           : strlen(src));

type of definions?  Simple, portable, efficient, and shouldn't overflow
[although it does require the programmer to ensure that n = sizeof(dest)].
Something similar could be done for strncat, with the comparison being
           strlen(src)+strlen(dest) > n ? n : strlen(src)
instead.

-JS

Current thread:

NCSA httpd 1.3 Kevin at Paranoia (Feb 23)
- Re: NCSA httpd 1.3 Thomas Lopatic (Feb 24)
- <Possible follow-ups>
- Re: NCSA httpd 1.3 Dan Thorson (Feb 24)
- Re: NCSA httpd 1.3 Jonathan Stott (Feb 24)
- Re: NCSA httpd 1.3 Ken Hardy (Feb 24)
- Re: NCSA httpd 1.3 Jordan Hayes (Feb 24)