Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1

[Tom Lord]

    > From: Miles Bader <address@hidden>

    > On Sun, Apr 18, 2004 at 10:56:35AM +0200, Matthieu Moy wrote:
    > >  * characters are written.  This function stores up to `n+1' characters:
    > >  * up to `n' non-0 characters from `from', plus a final 0. 

    > I think that's a dangerous interface: as it stores up to `n + 1' 
characters,
    > it requires the user to worry about subtracting one from their buffer 
size.
    > Sometimes they will forget to do this and just pass in `sizeof buf' or
    > something.

    > It would be  better to copy only `n - 1' real characters in the case of an
    > overflow, so that the final `\0' makes `n'.

That just shifts around the bugs and resulting exploits.  There is no
such thing as safe, easy-to-use, non-allocating string-algebra
primitives.  That's one reason why higher-level string types are being
added to hackerlab.

-t