Vuln-Dev Archives: Re: Secure coding in C (was Re: Administrivi

Re: Secure coding in C (was Re: Administrivia #4883)


Subject: Re: Secure coding in C (was Re: Administrivia #4883)
From: CyberPsychotic (fygraveEPR0.ORG)
Date: Sat Jan 22 2000 - 02:44:57 CST


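~ :> #include <stdio.h>
~ :>
~ :> int main(void)
~ :> {
~ :>     char b[10];
~ :>
~ :>     /* source string is longer than b, so the output is truncated */
~ :>     snprintf(b, 10, "I'm a really long test string!\n");
~ :>
~ :>     printf("b[9]= %d\n", (int)b[9]);
~ :>     return 0;
~ :> }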
~ :>
~ :> returns `b[9]= 0'
~ :
~ :Marco, might I be so bold to ask what you expected to happen? AFAICT, that
~ :is correct behavior..
~ :
~ :But, my C coding experience is .. limited. :)

This depends on the libc implementation, really. The older snprintf code would
place the 10th character into b[9] and wouldn't end it with a zero. I
don't have the information regarding the libcs which are broken ready at
the moment, but I could do a little research, if someone's interested.
Anyway, the rule of sane coding always dictates declaring the b buffer as
b[MAX_POSSIBLE_LENGTH+1];
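
Added example, not part of the original post: a wrapper that does not depend on the libc to terminate the buffer, combined with the MAX_POSSIBLE_LENGTH+1 sizing rule from the reply. The name `bounded_format` and the value of `MAX_POSSIBLE_LENGTH` are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MAX_POSSIBLE_LENGTH 9   /* constructed limit for this demo */

/* Hypothetical wrapper: formats into dst, always NUL-terminates it,
 * and reports truncation.
 * Returns 0 if the output fit, 1 if it was cut short, -1 on bad arguments. */
int bounded_format(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || size == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);

    /* Do not rely on the libc here: write the terminator ourselves,
     * so a non-terminating snprintf cannot leave dst unterminated. */
    dst[size - 1] = '\0';

    /* C99 returns the length the full output would have had; some older
     * libcs return a negative value instead. Report both as "did not fit". */
    if (n < 0 || (size_t)n >= size)
        return 1;
    return 0;
}

int main(void)
{
    /* One extra byte reserved for the terminator, as the reply recommends. */
    char b[MAX_POSSIBLE_LENGTH + 1];
    int truncated = bounded_format(b, sizeof b,
                                   "I'm a really long test string!\n");

    printf("truncated=%d b=\"%s\" b[9]=%d\n", truncated, b, (int)b[9]);
    return 0;
}
```

Callers should check the return value: a truncated string is terminated and safe to read, but it may no longer mean what the full string meant.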


