RE: Administrivia: List Announcement

["Oliver Lavery" <oliver.lavery () sympatico ca>]

        True, and a very good point. 

        Need to manually add a NULL as the last character for both buffers.
In fact, will the for-loop copy ever NULL terminate the string? Glancing at
it again, it doesn't seem so.

~ol

> -----Original Message-----
> From: Shafik Yaghmour [mailto:subs () shafik net] 
> Sent: May 13, 2003 3:22 PM
> To: xenophi1e
> Cc: vuln-dev () securityfocus com
> Subject: Re: Administrivia: List Announcement
>
>
> On 13 May 2003, xenophi1e wrote:
>
> > > We'll kick this off with the first challenge, which was devised by 
> > > Aaron
> > > Adams:
> > >
> > >        strncpy(buf2, p2, SIZE);
> >
> > Off-by-one. Third arg should be SIZE-1 to leave room for the 
> > terminating
> > NULL. This error should lead to a heap based vulnerability when the 
> > memory is free()d.
>
>       You are assuming there is a terminating NULL, there may not be. 
> Although in this example it does not make a difference, but in a real 
> world program it would probably be bad.
>
> Take care
>
> -- 
> Those who dream by day are cognizant of many things which 
> escape those who dream only by night. -Edgar Allan Poe