Re: buffer overflow in /bin/gzip?
On Wed, Nov 21, 2001 at 12:47:49AM -0600, Bryan Andersen wrote:
> One thing I think is quite important is to get rid of calls to
> routines that it is possible to buffer overflow. OpenBSD has a
> "feature" in their version of gcc that will cause a compile time
> error message telling you when one of the standard library
> routines known to be overflowable is used.
I hope strcpy() does not belong to this class. It's quite common to do
something like this:
    int len = strlen(s);
    char *new = (char *) malloc(len + 1);
    strcpy(new, s);
This is perfectly fine.
strncpy() is even more dangerous, since it doesn't add a final nul-byte if
strlen(src) > n. Most people are not aware of this problem. So, most of
the time you use strncpy() you should use a construction like this:
    strncpy(dst, src, len);
    dst[len] = '\0';
- Sebastian
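
The two patterns discussed in this message, as an added example that is not part of the original post: the sized strcpy() copy, a check showing when strncpy() leaves the destination unterminated (including the case where the source length equals n), and strncpy() with an explicit terminator. The helper names dup_string, strncpy_terminates and copy_truncate are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The malloc(len + 1) + strcpy() pattern: safe because the destination is
 * sized from the source. Uses size_t and checks the allocation. */
char *dup_string(const char *s)
{
    size_t len = strlen(s);
    char *copy = malloc(len + 1);
    if (copy == NULL)
        return NULL;
    strcpy(copy, s);
    return copy;
}

/* Returns 1 if strncpy(dst, src, n) left a NUL within dst[0..n-1], else 0.
 * dst must have room for at least n bytes. */
int strncpy_terminates(char *dst, const char *src, size_t n)
{
    memset(dst, 'X', n);          /* sentinel so stale zero bytes cannot hide it */
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* strncpy() followed by an explicit terminator, for a buffer of dstsize
 * bytes. Returns 1 if src was truncated, 0 if it fit, -1 on bad arguments. */
int copy_truncate(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) >= dstsize;
}

int main(void)
{
    char buf[8];
    printf("n > strlen:  terminated=%d\n", strncpy_terminates(buf, "short", sizeof buf));
    printf("n == strlen: terminated=%d\n", strncpy_terminates(buf, "12345678", sizeof buf));
    printf("copy_truncate: truncated=%d -> \"%s\"\n",
           copy_truncate(buf, sizeof buf, "123456789"), buf);
    return 0;
}
```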