[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1

From: Robin Farine
Subject: Re: [Gnu-arch-users] Emgergency release of tla-1.2.1pre1
Date: Sun, 18 Apr 2004 15:12:09 +0200
User-agent: Mozilla Thunderbird 0.5 (X11/20040306)

Aaron Bentley wrote:

Matthieu Moy wrote:

The  code used  to extract  the  password from  the URL  uses a  buggy
implementation of strncpy that just forgets the final '\0'.

strncpy isn't supposed to NUL-terminate the string.

I think Matthieu was referring to hackerlab's str_cpy_n() function which, according to the comment copied below, _has_ to null-terminate the target string.

    * \Warning:/ This function is different from `strncpy'.  `strncpy'
    * always stores exactly `n' characters in `to', padding the result
    * with 0 if a 0 character is encountered in `from' before `n'
    * characters are written.  This function stores up to `n+1' characters:
    * up to `n' non-0 characters from `from', plus a final 0.

Again, according to this comment, the padding is not necessary and thus I would propose this patch:

--- orig/char/str.c
+++ mod/char/str.c
@@ -540,9 +540,8 @@
         *to++ = *from++;
+      *to++ = 0;
-  while (n--)
-    *to++ = 0;
  return answer;


reply via email to

[Prev in Thread] Current Thread [Next in Thread]