Vulnerability Development mailing list archives

Re: C versus other languages, round 538 or so (Re: CGI scripts in sh)


From: Reid Nichol <rnichol () solutions net>
Date: Fri, 29 Sep 2000 09:27:02 -0500

As in the discussion of whether C is too hard or not for experienced
programmers, isn't your code broken? :)
I didn't spend any time looking at the code. The example was there just to
illustrate my point.

#include <stdio.h>
#include <string.h>

int function(char *name) {
    char variable[5];
    strncpy(variable, name, 5);
    // (sizeof(variable)-1) instead of sizeof(variable) - NULL, \0, 0 ... whatever you want..
    variable[(sizeof(variable)-1)] = NULL;
    printf("Hello %s", variable);
    return 0;
}

This is more of a developer question: I was taught that I should always use
'\0' as a terminator for my strings.  What is the reason for this?  Is it just
a portability issue or better programming practice, and are there any
potential security-related problems with using NULL?  The security-related
problem being that the compiler does handle it in the right context, etc.

If this seems like a stupid question please don't batter me as I am just making
my first attempts to enter this field and want to be able to write secure code.

Private replies are welcome.

--
Reid "Sigma Nunki" Nichol

If you truly love the memory, you must set it free()
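
An added example, not part of the original message: it shows when strncpy() on the 5-byte buffer from the post leaves no terminator, and a bounded copy that always writes one. It uses '\0' because NULL is a null pointer constant that an implementation may define as ((void *)0), so storing it in a char is a pointer-to-integer conversion; the names NAME_BUF, strncpy_terminates and copy_name and the input strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 5  /* same size as `variable` in the post */

/* Returns 1 if strncpy() alone left a '\0' inside the buffer, else 0. */
int strncpy_terminates(const char *src)
{
    char dst[NAME_BUF];
    memset(dst, 'X', sizeof(dst));      /* stand-in for stale stack contents */
    strncpy(dst, src, sizeof(dst));     /* pads with '\0' only if src is shorter */
    return memchr(dst, '\0', sizeof(dst)) != NULL;
}

/* Bounded copy that always terminates; returns 1 if src was truncated. */
int copy_name(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return 1;                       /* nothing can be stored */
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';              /* character constant, not NULL */
    return strlen(src) >= dstsz;
}

int main(void)
{
    char variable[NAME_BUF];
    /* constructed sample inputs: shorter than, fitting, and longer than the buffer */
    const char *inputs[] = { "Bob", "Reid", "Sigma Nunki" };

    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        int cut = copy_name(variable, sizeof(variable), inputs[i]);
        printf("%-12s -> \"%s\"  strncpy-only terminated=%d  truncated=%d\n",
               inputs[i], variable, strncpy_terminates(inputs[i]), cut);
    }
    return 0;
}
```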

