Bugtraq mailing list archives
Re: Responses to: Unix Security Kernel Changes
From: aeon () TAMPABAY RR COM (Paul Braman)
Date: Fri, 29 Jan 1999 06:41:55 -0500
On Thu, 28 Jan 1999, Jonathan A. Zdziarski wrote:
OK NOW: Let me introduce a new question to you. How come we cannot write our std c libraries to do something similar to this before performing strcat's, etc... a[sizeof(b)] = NULL (or 0); to nullify out position x of the variable being copied from where b is the variable being copied to ... so if b is a 128 byte array, a[128] = 0...if there's a null before that fine...it will stop there...if not, it will forcibly stop at 128 when it hits the null.
If a is *not* at least 128 bytes you've just overstepped your bounds. Besides, when you have received b as a character pointer sizeof() will return the size of the pointer, not the size of the character array. Paul Braman aeon () tampabay rr com
Current thread:
- [HERT] ANNOUNCE: linux auditd daemon 1.10 Anthony C . Zboralski (Jan 26)
- Re: [HERT] ANNOUNCE: linux auditd daemon 1.10 Anthony C . Zboralski (Jan 27)
- Unix Security Kernel Changes Jonathan A. Zdziarski (Jan 27)
- Responses to: Unix Security Kernel Changes Jonathan A. Zdziarski (Jan 28)
- Re: Responses to: Unix Security Kernel Changes Paul Braman (Jan 29)
- WebTrends Security Analyzer v2.0 now available<WTID-100244707> wiseleo () BEST COM (Jan 29)
- Re: Responses to: Unix Security Kernel Changes Michael H. Warfield (Jan 29)
- Security Advisory for Internet Information Server 4 with Site mnemonix (Jan 30)
- Responses to: Unix Security Kernel Changes Jonathan A. Zdziarski (Jan 28)
- How the MS Critical Update Notification works... HD Moore (Jan 27)
- Re: How the MS Critical Update Notification works... Brian Hayward (Jan 28)
- EDA/SQL Victor A. Rodriguez (Jan 28)