[1080] in bugtraq
Re: NCSA httpd 1.3
daemon@ATHENA.MIT.EDU (Jonathan Stott)
Fri Feb 24 17:43:03 1995
Date: Fri, 24 Feb 95 15:40:57 -0500
From: jstott@alcom.phys.cwru.edu (Jonathan Stott)
To: Dan_Thorson@notes.seagate.com
Cc: bugtraq@fc.net
> However, perhaps another rule:
> Avoid using strncat(dest, src, n) or strncpy(dest, src, n), etc, as they
> _also_ do no checking on the max length of "dest", although 'n' can be
> properly calculated & make them safe.
How about

    #define STRCPY(dest,src,n) strncpy(dest, src, strlen(src) > n ? n \
                                       : strlen(src));

type of definitions? Simple, portable, efficient, and shouldn't overflow
[although it does require the programmer to ensure that n = sizeof(dest)].
Something similar could be done for strncat, with the comparison being

    strlen(src)+strlen(dest) > n ? n : strlen(src)

instead.
-JS
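
An added example, not part of the original post, that exercises the macro above: strncpy given min(strlen(src), n) as its count never writes a terminating NUL, and the count suggested for strncat can carry the write past n bytes. copy_bounded and append_bounded are hypothetical replacements written for this example, and the 8-byte buffers and sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* The posted macro, parenthesised and without its trailing semicolon. */
#define STRCPY(dest, src, n) \
    strncpy((dest), (src), strlen(src) > (n) ? (n) : strlen(src))

/* 1 if the macro leaves no NUL anywhere in an 8-byte buffer of stale data. */
static int macro_leaves_unterminated(const char *src)
{
    char dest[8];
    memset(dest, 'X', sizeof dest);          /* constructed stale contents */
    STRCPY(dest, src, sizeof dest);
    return memchr(dest, '\0', sizeof dest) == NULL;
}

/* Bytes strncat would touch, counted from dest[0], with the count the post
   suggests: it appends min(strlen(src), count) bytes and then a NUL. */
static size_t posted_strncat_extent(size_t dest_len, size_t src_len, size_t n)
{
    size_t count = src_len + dest_len > n ? n : src_len;
    return dest_len + (src_len < count ? src_len : count) + 1;
}

/* Hypothetical replacement: always terminates; 0 = complete, -1 = truncated. */
static int copy_bounded(char *dest, const char *src, size_t n)
{
    size_t len = strlen(src);
    if (n == 0) return -1;
    if (len >= n) { memcpy(dest, src, n - 1); dest[n - 1] = '\0'; return -1; }
    memcpy(dest, src, len + 1);
    return 0;
}

/* Hypothetical append: only the space left after dest's contents is used. */
static int append_bounded(char *dest, const char *src, size_t n)
{
    const char *end = memchr(dest, '\0', n);
    if (end == NULL) return -1;              /* dest itself is unterminated */
    return copy_bounded(dest + (end - dest), src, n - (size_t)(end - dest));
}

int main(void)
{
    char buf[8] = "log: ";
    printf("macro unterminated: %d\n", macro_leaves_unterminated("abc"));
    printf("posted strncat extent, n=8: %zu\n", posted_strncat_extent(5, 10, 8));
    printf("append_bounded -> %d, buf=\"%s\"\n",
           append_bounded(buf, "0123456789", sizeof buf), buf);
    return 0;
}
```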