Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Microsoft Security Tool for developers

From: "Erik Anderson" <eanderso () co kitsap wa us>
Date: Tue, 16 Dec 2003 14:04:20 +0000
Crispin Cowan 12/15/03 9:14:46 AM >>>

DE> It will copy UP TO len bytes from src to the dest.
DE> If the length of src is only 4 bytes, it will only
DE> copy 4 bytes to dest, and nullify the rest of the
DE> buffer of dest. As such, there is no information
DE> disclosure issues with this call as you describe
DE> the threat.

CC> I cannot find supporting documentation for the
CC> claim "and nullify the rest of the buffer of dest".
CC> IIRC, strncpy will copy a null byte from src to dst,
CC> but it does not nullify the rest of dst.

As I don't have a copy of the standard with me, the closest I can come
is from the Jan 18, 99 draft:

7.21.2.4 The strncpy function
Synopsis
#include <string.h>
char *strncpy(char * restrict s1, const char * restrict s2, size_t n);

Description
The strncpy function copies not more than n characters (characters that
follow a null character are not copied) from the array pointed to by s2
to the array pointed to by s1. If copying takes place between objects
that overlap, the behavior is undefined.

If the array pointed to by s2 is a string that is shorter than n
characters, null characters are appended to the copy in the array
pointed to by s1, until n characters in all have been written.

Returns
The strncpy function returns the value of s1.
Previous By Date Next
Previous By Thread Next

Current thread: