Subject: Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)
From: Aigars Grins (aigars.grins DEFCOM-SEC.COM)
Date: Thu Oct 05 2000 - 10:01:33 CDT
----- Original Message -----
From: Jonathan James <Jonathan SECURITO.SE>
To: <VULN-DEV SECURITYFOCUS.COM>
Sent: Thursday, September 28, 2000 9:03 AM
Subject: Re: C versus other languages, round 538 or so (Re: CGI scriptsinsh)
> int function(char *name) {
> char variable[5];
> strncpy(variable, name,5);
> variable[(sizeof(variable)-1)] = NULL; // (sizeof(variable)-1) instead of sizeof(variable) - NULL, \0, 0 ... whatever you want..
> printf("Hello %s",variable);
> return 0;
> }
Actually NULL doesn't always equal 0 (well, at least it hasn't, according to
the ANSI C specification [under C++ it always does]). Don't ask me under
which OS blah blah it isn't because I know of none. The point is simply that
there are thingies even in languages like C, with which I presume you're
familiar :), that are not well known and employed. These thingies could
in theory mount up to a bug.
-- Aigars Grins
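
An added example, not part of the original message or the quoted post: a bounded copy that terminates with the null character `'\0'` rather than the `NULL` macro, next to a check that shows `strncpy()` leaving a buffer unterminated. The names `bounded_copy`, `strncpy_terminated` and `greet` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy at most dstsize-1 bytes of src into dst and
 * always terminate. Returns 1 if src was truncated, 0 if it fit, -1 on
 * bad arguments. */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    /* strncpy() writes no terminator when src holds n or more bytes,
     * so copy dstsize-1 bytes and set the last byte ourselves. */
    strncpy(dst, src, dstsize - 1);
    /* '\0' is the null character, an integer constant with value 0.
     * NULL is a null pointer constant; an implementation may define it
     * as ((void *)0), and assigning that to a char is a pointer-to-integer
     * conversion, not a string terminator. */
    dst[dstsize - 1] = '\0';
    return strlen(src) >= dstsize ? 1 : 0;
}

/* Failure mode: strncpy(buf, src, sizeof buf) with an over-long src fills
 * all five bytes. Returns 1 if a terminator ended up inside buf, else 0. */
int strncpy_terminated(const char *src)
{
    char buf[5];
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* The quoted function, rewritten on top of bounded_copy(). */
int greet(const char *name)
{
    char variable[5];
    int truncated = bounded_copy(variable, sizeof variable, name);
    if (truncated < 0)
        return -1;
    printf("Hello %s%s\n", variable, truncated ? " (truncated)" : "");
    return truncated;
}

int main(void)
{
    greet("Al");        /* constructed input that fits */
    greet("Jonathan");  /* constructed input that is cut to 4 bytes */
    return 0;
}
```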