Secure Coding mailing list archives
RE: New Microsoft Security Tool for developers
From: Örjan Petersson <nospam () logcode com>
Date: Mon, 15 Dec 2003 11:21:50 +0000
Jannie Hanekom wrote:
I've been following this more as an enthusiast than a professional developer, but isn't there potential for information leakage with that code? It always copies 9 bytes of data, regardless of the length of str, meaning it can potentially place information in buffer that
wasn't
in str in the first place.
No, strncpy(s1, s2, n) copies *at most* n characters from s2 to s1. Characters that follow a null character in s2 are not copied. -- Ãrjan Petersson, Logcode SARL The email address in the From: header is valid
Current thread:
- RE: New Microsoft Security Tool for developers, (continued)
- RE: New Microsoft Security Tool for developers Gene Spafford (Dec 13)
- Re: New Microsoft Security Tool for developers Mark Graff (Dec 13)
- RE: New Microsoft Security Tool for developers Jannie Hanekom (Dec 14)
- Re: New Microsoft Security Tool for developers der Mouse (Dec 15)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 15)
- Re: New Microsoft Security Tool for developers Crispin Cowan (Dec 15)
- Re: New Microsoft Security Tool for developers Dana Epp (Dec 15)
- RE: New Microsoft Security Tool for developers Örjan Petersson (Dec 16)
- strncpy (was: Re: New Microsoft Security Tool for developers) David A. Wheeler (Dec 16)
- Re: strncpy (was: Re: New Microsoft Security Tool for developers) Florian Weimer (Dec 17)
- RE: New Microsoft Security Tool for developers Gene Spafford (Dec 13)
- Re: New Microsoft Security Tool for developers Dave Aronson (Dec 15)
- Re: New Microsoft Security Tool for developers Gene Spafford (Dec 17)
- Re: New Microsoft Security Tool for developers Mikey (Dec 17)