[BusyBox] #define -> static const int (last call)
David Douthitt
ssrat at mailbag.com
Tue Jan 23 15:43:32 UTC 2001
A note about code....
On 22 Jan 2001, at 23:19, Mark Whitley wrote:
> Per Erik's "last call for patches", here is the latest '#define -> static
> const int' patch. This got pushed onto the back burner for a while, but it's
> back, and ready to go in.
> static char *pbuffer;
> ...
> other_func()
> {
>     strcpy(pbuffer, lotsa_chars); /* happily uses global *pbuffer */
>     ...
> foo_main()
> {
>     char buffer[BUFSIZ]; /* declared locally, on stack */
>     pbuffer = buffer; /* but available globally */
>     ...
Isn't strcpy dangerous, and shouldn't it be replaced with strncpy? I'm
not a wizard at security (yet :) but I thought strcpy was a risk,
especially when given user-input data.
--
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
n9ubh at callsign.net
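
An added example, not part of the original post or of BusyBox: the quoted pattern rewritten so the buffer's capacity travels with the global pointer and the copy is bounded, plus a check showing that strncpy alone leaves the destination unterminated when the source fills it. The names pbuffer_cap, pbuffer_set, strncpy_terminates and demo, and the 8-byte buffer size, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed replacement for the sketch's bare global: capacity travels with the pointer. */
static char *pbuffer;
static size_t pbuffer_cap;

/* Bounded copy: returns 0 on success, -1 if no buffer is set or src does not
 * fit (the buffer then holds a NUL-terminated, truncated prefix). */
static int pbuffer_set(const char *src)
{
    size_t len = strlen(src);
    if (pbuffer == NULL || pbuffer_cap == 0)
        return -1;
    if (len >= pbuffer_cap) {
        memcpy(pbuffer, src, pbuffer_cap - 1);
        pbuffer[pbuffer_cap - 1] = '\0';
        return -1;
    }
    memcpy(pbuffer, src, len + 1);
    return 0;
}

/* strncpy alone is not the fix: returns 1 only if dst ends up NUL-terminated. */
static int strncpy_terminates(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);   /* writes no terminator when strlen(src) >= 8 */
    return dst[sizeof dst - 1] == '\0';
}

/* Stand-in for foo_main() in the sketch; the 8-byte buffer is a constructed size. */
static int demo(const char *input, char *out, size_t outsz)
{
    char buffer[8];
    int rc;
    pbuffer = buffer;
    pbuffer_cap = sizeof buffer;
    rc = pbuffer_set(input);
    snprintf(out, outsz, "%s", buffer);
    pbuffer = NULL;                  /* buffer dies with this frame */
    pbuffer_cap = 0;
    return rc;
}

int main(void) {
    char o[16];
    int rc = demo("0123456789", o, sizeof o);   /* constructed over-long input */
    return printf("%d %s %d\n", rc, o, strncpy_terminates("12345678")) < 0;
}
```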