[15529] in bugtraq
Re: ftpd: the advisory version
daemon@ATHENA.MIT.EDU (Dan Harkless)
Wed Jun 28 18:10:28 2000
Message-ID: <200006272242.PAA20500@dilvish.speed.net>
Date: Tue, 27 Jun 2000 15:41:59 -0700
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Sebastian <scut@NB.IN-BERLIN.DE> of "Mon, 26 Jun
2000 23:03:07 +0200." <20000626230307.A22291@nb.in-berlin.de>
Sebastian <scut@NB.IN-BERLIN.DE> writes:
> So please, use unsigned char pointers, buffers and casts. For example the
> proper code for the above function would be:
>
> void
> func_proper (unsigned char *domain)
> {
> int len = domain[0];
> unsigned char buff[64];
>
>
> if (len >= 64)
> return;
>
> strncpy (buff, &domain[1], len);
> buff[63] = '\x00';
> }
Uh, no, the strncpy() prototype is:
char *strncpy(char *dst, const char *src, size_t n);
len should be a size_t (which is typedef'd to be some kind of unsigned int),
which would avoid the problem (without having to mess with explicitly
unsigned chars, which will cause warnings on platforms where chars are
signed, for one thing).
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
