Vulnerability Development mailing list archives

Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)

From: Aigars Grins <aigars.grins () DEFCOM-SEC COM>
Date: Thu, 5 Oct 2000 16:01:33 +0100

----- Original Message -----
From: Jonathan James <Jonathan () SECURITO SE>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, September 28, 2000 9:03 AM
Subject: Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)

int function(char *name) {
    char variable[5];
    strncpy(variable, name,5);
    variable[(sizeof(variable)-1)] = NULL; // (sizeof(variable)-1) instead
of sizeof(variable) - NULL, \0, 0 ... whatever you want..
    printf("Hello %s",variable);
    return 0;
 }


Actualy NULL dosn't always equal 0 (well, at least it hasn't, according to
the ANSI C specification [under C++ it always does]). Don't ask me under
which OS blah blah it isn't because I know of none. The point in simply that
there are thingies even in languages like C, with which I persume your
familiar with :), that are not well known and employed. These thingies could
in theory mount up to a bug.

--
Aigars Grins

Current thread:

Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Bluefish (P.Magnusson) (Oct 02)
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Dag-Erling Smorgrav (Oct 02)
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Peter Pentchev (Oct 02)
- <Possible follow-ups>
- Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh) Aigars Grins (Oct 10)