adminRNC.RU

• Next message: Elias Levy: "(forw) Re: Netscape ftp Server (fwd)"
• Previous message: Joey Maier: "Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)"
• In reply to: Sebastian: "Re: ftpd: the advisory version"
• Next in thread: Sebastian: "Re: ftpd: the advisory version"
• Next in thread: Kragen Sitaker: "Re: ftpd: the advisory version"
• Reply: Kasatenko Ivan Alex.: "Re: ftpd: the advisory version"
• Reply: Sebastian: "Re: ftpd: the advisory version"
• Reply: Barney Wolff: "Re: ftpd: the advisory version"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello!

On Wed, Jun 28, 2000 at 10:55:19PM +0200, Sebastian wrote:
> Hi.
>
> So this is still unsafe:
>
> void
> func_weak (char *domain)
> {
> unsigned char buff[2000];
> size_t len = domain[0];
>
> strncpy (&buff[0], &domain[1], len);
> buff[1999] = '\x00';
> }
>

It *is* safe, as far as the char type is concerned.
And len cannot fall below zero and cannot grow above
255. (0 <= char <= 255, on most platforms)
The size of buff is much more than 255. So this code
is safe, in my opinion.

The problem may reveal itself only on computers where
char type is signed by default.

*wave*,
        John <skywriterrnc.ru>

• Next message: Elias Levy: "(forw) Re: Netscape ftp Server (fwd)"
• Previous message: Joey Maier: "Re: [RHSA-2000:039-02] remote root exploit (SITE EXEC) fixed (fwd)"
• In reply to: Sebastian: "Re: ftpd: the advisory version"
• Next in thread: Sebastian: "Re: ftpd: the advisory version"
• Next in thread: Kragen Sitaker: "Re: ftpd: the advisory version"
• Reply: Kasatenko Ivan Alex.: "Re: ftpd: the advisory version"
• Reply: Sebastian: "Re: ftpd: the advisory version"
• Reply: Barney Wolff: "Re: ftpd: the advisory version"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]