[39912] in Cypherpunks
Re: Another Netscape Bug (and possible security hole)
daemon@ATHENA.MIT.EDU (Michael Elkins)
Fri Sep 22 19:05:13 1995
To: cypherpunks@toad.com
Date: Fri, 22 Sep 1995 15:59:02 -0700
From: "Michael Elkins" <elkins@zzyzx.aero.org>
In-Reply-To: <199509222051.NAA10687@ix.ix.netcom.com> from "John Lull" at Sep 22, 95 01:49:41 pm
Reply-To: elkins@antares.aero.org
-----BEGIN PGP SIGNED MESSAGE-----
John Lull writes:
> Better yet, ban both strncpy and strncat. Replace them with
> differently-named routines (strbcpy and strbcat?) that, given a buffer
> length, are GUARANTEED to always give you a properly terminated string
> that (including the terminator) does not overflow the specified
> buffer.
Elm does something along these lines. It has a routine strfcopy() which you
basically call as:
strfcpy (dest, source, sizeof (dest));
I also wrote a strmcopy() which malloc()s enough space to hold the string if
it is not availible. I therefore guarantee that I will not overwrite the
intended memory area.
- --
Michael Elkins <elkins@aero.org> Web: http://www.cs.hmc.edu/~me/index.html
PGP mail preferred. Public key availible via web or 'finger -l me@cs.hmc.edu'
"I could be wasting my time more productively than this." --me
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMGM/nWN9oWBghPDJAQGgYgP/SwiPszR/zLTPAa9Inpy++9HIy3JcTkG7
ieSkYRyLpuNKYsFzKRdpiOb+b/+s1JPBw1XitFrTwz4qGGrnPrpfeqbGroVAcENE
Vzi9tj+tZs83oD5PYpcIuLb7UfMN+YInpf32P/EsuG90lPfgF7090xb0Htzp2gtD
RaaEcazc0Z4=
=MZKu
-----END PGP SIGNATURE-----
