Vulnerability Development mailing list archives
Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)
From: Aigars Grins <aigars.grins () DEFCOM-SEC COM>
Date: Thu, 5 Oct 2000 16:01:33 +0100
----- Original Message -----
From: Jonathan James <Jonathan () SECURITO SE>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, September 28, 2000 9:03 AM
Subject: Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)

int function(char *name)
{
    char variable[5];
    strncpy(variable, name,5);
    variable[(sizeof(variable)-1)] = NULL; // (sizeof(variable)-1) instead of sizeof(variable) - NULL, \0, 0 ... whatever you want..
    printf("Hello %s",variable);
    return 0;
}

Actually NULL doesn't always equal 0 (well, at least it hasn't, according to the ANSI C specification [under C++ it always does]). Don't ask me under which OS blah blah it isn't because I know of none. The point is simply that there are thingies even in languages like C, with which I presume you're familiar :), that are not well known and employed. These thingies could in theory mount up to a bug.

-- Aigars Grins
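
An added example, not part of either message: the quoted function's copy-and-terminate step written with the character constant '\0', which is an integer zero on every implementation, whereas NULL is a null pointer constant that an implementation may define as ((void *)0). It also shows why the explicit terminator is needed at all. The names copy_name and raw_strncpy_terminated are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added example; copy_name and raw_strncpy_terminated are hypothetical names. */

/* Copy src into dst (capacity dstsize), always terminating with '\0'.
 * Returns 1 if src was truncated, 0 if it fit, -1 on bad arguments. */
int copy_name(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);  /* last byte is reserved for the terminator */
    dst[dstsize - 1] = '\0';         /* character constant, not the pointer constant NULL */
    return strlen(src) >= dstsize;
}

/* strncpy(dst, src, n) writes no '\0' when src has n or more characters.
 * Returns 1 if a terminator ended up inside the 5-byte buffer, else 0. */
int raw_strncpy_terminated(const char *src)
{
    char buf[5];
    memset(buf, 'X', sizeof buf);    /* poison so stale zero bytes cannot hide the gap */
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Same shape as the quoted function, built on copy_name. */
int function(const char *name)
{
    char variable[5];
    int truncated = copy_name(variable, sizeof variable, name);
    printf("Hello %s%s\n", variable, truncated == 1 ? " (truncated)" : "");
    return truncated;
}

int main(void)
{
    function("Bob");        /* constructed input that fits */
    function("Jonathan");   /* constructed input longer than the buffer */
    printf("raw strncpy terminated for \"Jonathan\": %d\n",
           raw_strncpy_terminated("Jonathan"));
    return 0;
}
```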