[BusyBox] #define -> static const int (last call)

David Douthitt ssrat at mailbag.com
Tue Jan 23 15:43:32 UTC 2001


A note about code....

On 22 Jan 2001, at 23:19, Mark Whitley wrote:

> Per Erik's "last call for patches", here is the latest '#define -> static
> const int' patch. This got pushed onto the back burner for awhile, but it's
> back, and ready to go in.

> 	static char *pbuffer
> 	...
> 	other_func()
> 	{
> 		strcpy(pbuffer, lotsa_chars); /* happily uses global *pbuffer */
> 	...
> 	foo_main()
> 	{
> 		char *buffer[BUFSIZ]; /* declared locally, on stack */
> 		pbuffer = buffer;     /* but available globally */
> 	...

Isn't strcpy dangerous, and shouldn't be replaced with strncpy?  I'm 
not a wizard at security (yet :) but I thought strcpy was a risk, 
especially when given user-input data.

-- 
David Douthitt
UNIX Systems Administrator
HP-UX, Linux, Unixware
n9ubh at callsign.net





More information about the busybox mailing list