No need for AV tools on Linux, eh?
Ian Malone
ibmalone at gmail.com
Fri Feb 18 22:44:42 UTC 2011
On 18 February 2011 19:13, Joe Zeff <joe at zeff.us> wrote:
> On 02/18/2011 09:55 AM, Ian Malone wrote:
>> To derail discussion slightly, this doesn't really fix the problem,
>> just shifts it to a different place (keeping track of lengths and
>> dynamically handling data)
>
> In a word, "NO." You know how big your buffer is so you only allow
> strncpy() to copy that many bytes, throwing away any excess.
Used properly, yes you've avoided buffer overruns, used badly no.
strncpy(dest,src,strlen(src)+1)
Ridiculous? Yes. Never used in practice? I'd like to believe it.
strncpy has been in C since it was first standardised, but people
still write code that overflows.
--
imalone
More information about the users
mailing list