oss-sec mailing list archives

Re: Off-by-one question

From: Joshua Rogers <oss () internot info>
Date: Sun, 23 Nov 2014 17:29:19 +1100

On 23/11/14 03:47, Stuart Gathman wrote:

The snippet will print Fou.  The contract for strncpy is:

       The strncpy() function is similar, except that at most n bytes 
of  src
       are  copied.  Warning: If there is no null byte among the first
n bytes
       of src, the string placed in dest will not be null terminated.

So you are correct.  Unless strncpy is broken.

That's what I thought.

I wonder why MITRE says otherwise.

Thanks Stuart and Simon.
-- 
-- Joshua Rogers <https://internot.info/>

Current thread:

Off-by-one question Joshua Roers (Nov 21)
- Re: Off-by-one question Simon McVittie (Nov 22)
- Re: Off-by-one question Stuart Gathman (Nov 22)
  - Re: Off-by-one question Joshua Rogers (Nov 22)