[6791] in bugtraq


Re: simple kde exploit fix

daemon@ATHENA.MIT.EDU (Ton Hospel)
Mon May 18 13:01:57 1998

X-Complaints-To: thospel@mail.dma.be
Date: 	Sun, 17 May 1998 23:09:19 GMT
Reply-To: Ton Hospel <thospel@mail.dma.be>
From: Ton Hospel <thospel@MAIL.DMA.BE>
To: BUGTRAQ@NETSPACE.ORG

In article <Pine.LNX.3.96.980517144346.10501A-100000@lurk.kellogg.nwu.edu>,
        David Zhao <dzhao@LURK.KELLOGG.NWU.EDU> writes:
> in kdebase/kscreensaver/kscreensave.cpp:
>
> change:
> line 18:        strcpy( buffer, getenv("HOME") );
>                 to
>                 strncpy( buffer, getenv("HOME"), 256);
>
Why do people like strncpy so much? It sucks almost as badly as strcpy.

strncpy has two drawbacks:
   - it always fills the buffer with nulls, which is a waste of time
   - it does NOT null terminate a string that's too long
Also, getenv returns NULL if an environment variable does not exist,
and not all OSes will check NULL access, so you can pick up garbage
from address 0 in your computer.

Better fixing style:

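   /* needs <stdlib.h> for getenv and <string.h> for strlen/memcpy */
   char  *env;
   size_t len;

   env = getenv("HOME");                 /* NULL if HOME is not set */
   if (env) {
      len = strlen(env);
      if (len >= BUFLEN) len = BUFLEN-1; /* leave room for the terminator */
      memcpy(buffer, env, len);
      buffer[len] = 0;                   /* terminate the copy in buffer */
   } else do_something_intelligent();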
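
An added example, not part of the original post: it makes the two strncpy drawbacks listed above observable and places the bounded memcpy copy beside them. BUFLEN is set to 8 here, and the function names strncpy_terminates, strncpy_padding and copy_env are assumptions made for this illustration.

```c
/* Added illustration; BUFLEN value and all function names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BUFLEN 8   /* deliberately tiny so truncation is easy to trigger */

/* Returns 1 if strncpy(dst, src, BUFLEN) left a NUL inside dst, 0 if not. */
int strncpy_terminates(const char *src)
{
    char dst[BUFLEN];
    memset(dst, 'X', sizeof dst);          /* sentinel: no stray NULs */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Returns how many bytes of dst end up as NUL (terminator plus padding). */
size_t strncpy_padding(const char *src)
{
    char dst[BUFLEN];
    size_t i, zeros = 0;
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);
    for (i = 0; i < sizeof dst; i++)
        if (dst[i] == '\0') zeros++;
    return zeros;
}

/* Bounded copy in the style of the post: 0 = copied whole, 1 = truncated,
 * -1 = src was NULL (e.g. getenv() found no such variable). */
int copy_env(char *dst, size_t dstlen, const char *src)
{
    size_t len;
    int truncated = 0;
    if (src == NULL || dstlen == 0) return -1;
    len = strlen(src);
    if (len >= dstlen) { len = dstlen - 1; truncated = 1; }
    memcpy(dst, src, len);
    dst[len] = '\0';                       /* terminate the destination */
    return truncated;
}

int main(void)
{
    char buffer[BUFLEN];
    int rc = copy_env(buffer, sizeof buffer, getenv("HOME"));
    if (rc < 0) { fputs("HOME is not set\n", stderr); return 1; }
    printf("HOME=%s%s\n", buffer, rc ? " (truncated)" : "");
    return 0;
}
```

Returning a distinct value for truncation lets the caller decide whether a shortened HOME path is acceptable or should be treated as an error.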
