Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_1

Bugtraq archives for 1st quarter (Jan-Mar) 1998: Re: strcpy versus strncpy

Re: strcpy versus strncpy

Joe Zbiciak (j-zbiciak1ti.com)
Tue, 3 Mar 1998 01:25:06 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kragen: "Re: strcpy versus strncpy"
Previous message: Niall Smart: "Vulnerabilites in some versions of info2www CGI"
In reply to: Dean Gaudet: "Re: strcpy versus strncpy"
Next in thread: Aleph One: "Re: strcpy versus strncpy"

'Dean Gaudet' said previously:
|
| You forgot:
|
| 4. strncpy is required to zero-fill the entire destination, which can be
| quite a performance pig if the destination is big and the strncpy is
| executed frequently.

and

5. strncpy may not zero-terminate the resulting string, leading to other
   interesting problems if you don't ensure that the resulting string
   is zero terminated yourself.

(AT&T SVR4 had a lot of bugs in this vein regarding utmp, since their
utmp structure only allowed 8 characters for login names.  If you had
an 8 character login name, programs like "who" would show garbage after
the login name because they'd assume that ut_user[] was zero terminated
when it isn't necessarily.)

Regards,

--Joe

--
 +----------- Joseph Zbiciak ----------+  Eliminate idle cycles!
 | - - - -  j-zbiciak1ti.com  - - - - |  http://www.distributed.net/
 |- http://www.primenet.com/~im14u2c/ -|
 | - - -Texas Instruments, Dallas- - - |  "I feel as much like I did
 +-----#include "std_disclaimer.h"-----+   yesterday as I do today."

Next message: Kragen: "Re: strcpy versus strncpy"
Previous message: Niall Smart: "Vulnerabilites in some versions of info2www CGI"
In reply to: Dean Gaudet: "Re: strcpy versus strncpy"
Next in thread: Aleph One: "Re: strcpy versus strncpy"