[6739] in bugtraq

Re: Samba problems

daemon@ATHENA.MIT.EDU (Marco S Hyman)
Mon May 11 18:22:14 1998

Date: 	Sun, 10 May 1998 19:08:22 -0700
Reply-To: Marco S Hyman <marc@SNAFU.ORG>
From: Marco S Hyman <marc@SNAFU.ORG>
X-To:         David LeBlanc <dleblanc@mindspring.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Sun, 10 May 1998 17:54:56 EDT." 
              <3.0.3.32.19980510175456.00a9f280@mindspring.com>

 > I have the same sort of beef with strncpy - if you overflow a strncpy, it
 > won't null terminate, and snprintf will do the same thing.  You may no

Whose snprintf doesn't null terminate?  The OpenBSD man page reads:

     Snprintf(), vsnprintf(), asnprintf() and vasnprintf() will write at most
     size-1 of the characters printed into the output string (the size'th
     character then gets the terminating `\0'); if the return value is greater

I otherwise agree that passing possible garbage on to other functions is
not a recommended way to write secure programs.

// marc
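
Added example, not part of the original message: a small C program contrasting the two behaviours discussed in this thread, assuming an snprintf with the semantics quoted from the OpenBSD man page (also what C99 specifies). The helper names strncpy_terminated and copy_checked and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if dst[0..size-1] holds a terminating NUL after strncpy, else 0.
 * The buffer is pre-filled with a sentinel so stale zero bytes cannot hide
 * a missing terminator. */
int strncpy_terminated(char *dst, size_t size, const char *src)
{
    memset(dst, 'X', size);
    strncpy(dst, src, size);      /* writes no NUL when strlen(src) >= size */
    return memchr(dst, '\0', size) != NULL;
}

/* Copy via snprintf: dst is always terminated when size > 0.
 * Returns 0 if src fit, 1 if it was truncated, -1 on error.
 * Truncation is detected from the return value, which is the length
 * the full output would have needed. */
int copy_checked(char *dst, size_t size, const char *src)
{
    int n;

    if (size == 0)
        return -1;                /* no room even for the terminator */
    n = snprintf(dst, size, "%s", src);
    if (n < 0)
        return -1;
    return (size_t)n >= size;
}

int main(void)
{
    char buf[8];
    /* Constructed inputs: shorter than, equal to, and longer than buf. */
    const char *samples[] = { "short", "exactly8", "much longer than eight" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int term = strncpy_terminated(buf, sizeof buf, samples[i]);
        int trunc = copy_checked(buf, sizeof buf, samples[i]);
        printf("%-24s strncpy terminated=%d  snprintf truncated=%d -> \"%s\"\n",
               samples[i], term, trunc, buf);
    }
    return 0;
}
```

A caller that treats a return of 1 from copy_checked as an error avoids passing silently truncated data on to other functions.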