Bugtraq mailing list archives
Re: simple kde exploit fix
From: thospel () mail dma be (Ton Hospel)
Date: Sun, 17 May 1998 23:09:19 GMT
In article <Pine.LNX.3.96.980517144346.10501A-100000 () lurk kellogg nwu edu>, David Zhao <dzhao () LURK KELLOGG NWU EDU> writes:
in kdebase/kscreensaver/kscreensave.cpp: change: line 18: strcpy( buffer, getenv("HOME") ); to strncpy( buffer, getenv("HOME"), 256);
Why do people like strncpy so much ? It sucks almost as badly as strcpy. strncpy has two drawbacks: - it always fills the buffer with nulls, which is a waste of time - It does NOT null terminate a string that's too long Also, getenv returns NULL if an environment variable does not exist, and not all OS's will check NULL access, so you can pick up garbage from adres 0 in your computer. Better fixing style: char *env; int len; env = getenv("HOME"); if (env) { len = strlen(env); if (len >= BUFLEN) len = BUFLEN-1; memcpy(buffer, env, len); env[len] = 0; } else do_something_intelligent();
Current thread:
- Re: simple kde exploit fix Ton Hospel (May 17)
- <Possible follow-ups>
- Re: simple kde exploit fix Ton Hospel (May 17)
- Re: simple kde exploit fix Ton Hospel (May 18)