Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower

Author: Vadim Vygonets
Date:  
To: exim-users
Subject: Re: [Exim] Fw: (bugtraq) Exim 3.34 and lower
Quoth Florian Weimer on Thu, Feb 14, 2002:
> Philip Hazel <ph10@???> writes:
> > The author of the patch uses strncpy(a,b,n) to mean "copy string b
> > to buffer a, which is of length n". This is actually not sensible if
> > n is a lot larger than the length of string b. The reason it is not
> > sensible is that strncpy() insists on padding out the destination
> > buffer with binary zeros to the length given.


This sounds weird.

> strncpy() has a far more serious problem: It does not write a
> terminating zero if the buffer is full. This means that buffer
> overflows can occur later in unexpected places.


True.

But one can always borrow strlcpy(3) from OpenBSD. This function
was written especially to avoid problems with strncpy(3).

Source:
ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/strlcpy.c
ftp://ftp.openbsd.org/pub/OpenBSD/src/lib/libc/string/strlcpy.3

Man page in HTML format:
http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Vadik.

--
Any language that involves exposing private parts to friends is a
tad suspect...
        -- Geoff Lane in the Monastery, about C++
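
Added example, not part of the original message and not Exim or OpenBSD code: the C program below makes the two strncpy() behaviours discussed in the thread (zero padding, and no terminator when the source fills the buffer) observable, next to a copy routine with strlcpy(3) semantics. The names `bounded_copy`, `strncpy_zero_bytes` and `bounded_copy_strlen` are hypothetical helpers written for this illustration, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 64

/* Hypothetical helper with strlcpy(3) semantics: copies at most size-1
 * bytes, always terminates when size > 0, and returns strlen(src) so a
 * result >= size tells the caller the copy was truncated. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Count the zero bytes strncpy() leaves in the first size bytes of a
 * buffer pre-filled with 'X' (size must be <= BUFSZ). */
static size_t strncpy_zero_bytes(const char *src, size_t size)
{
    char buf[BUFSZ];
    size_t i, zeros = 0;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, size);
    for (i = 0; i < size; i++)
        zeros += (buf[i] == '\0');
    return zeros;
}

/* Length of the string bounded_copy() leaves in an 'X'-filled buffer. */
static size_t bounded_copy_strlen(const char *src, size_t size)
{
    char buf[BUFSZ + 1];
    memset(buf, 'X', BUFSZ);
    buf[BUFSZ] = '\0';          /* backstop so strlen() stays in bounds */
    bounded_copy(buf, src, size);
    return strlen(buf);
}

int main(void)
{
    printf("strncpy 2 chars, n=64: %zu zero bytes written (padding)\n",
           strncpy_zero_bytes("hi", 64));
    printf("strncpy 8 chars, n=8:  %zu zero bytes (unterminated)\n",
           strncpy_zero_bytes("12345678", 8));
    printf("bounded_copy 9 chars, size=8: strlen %zu (terminated)\n",
           bounded_copy_strlen("123456789", 8));
    return 0;
}
```

A caller detects truncation by comparing the return value of `bounded_copy` with the destination size, which strncpy() gives no way to do.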