[BusyBox] #define -> static const int (last call)

Mark Whitley markw at lineo.com
Tue Jan 23 18:10:48 UTC 2001


On Tue, Jan 23, 2001 at 09:43:32AM -0600, David Douthitt wrote:

[snipped: example code]

> 
> Isn't strcpy dangerous, and shouldn't be replaced with strncpy?  I'm 
> not a wizard at security (yet :) but I thought strcpy was a risk, 
> especially when given user-input data.

This was an example snippet of code, given for demonstration purposes only. I
did not cut-n-paste this code from any file in busybox, I just pulled it off
the top of my head, solely for the purpose of illustrating the static buffer
situation.

Having said all that, you are correct, strcpy is dangerous and strncpy should
be used in its place.

Mark Whitley
markw at lineo.com
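
An added example, not part of the original message and not BusyBox code: the strcpy-to-strncpy replacement discussed above, applied to a static buffer. strncpy does not write a terminating NUL when the source fills the buffer, so the copy is bounded to size - 1, terminated explicitly, and truncation is reported to the caller. The names `name_buf`, `NAME_SIZE`, `set_name` and `strncpy_alone_terminates` are hypothetical, and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 16                 /* assumed size of the static buffer */
static char name_buf[NAME_SIZE];     /* hypothetical static buffer */

/* Plain strncpy with the full buffer size as the bound.
 * Returns 1 if name_buf ends up NUL-terminated, 0 if it does not. */
int strncpy_alone_terminates(const char *src)
{
    memset(name_buf, 'X', sizeof(name_buf));   /* clear out leftover NULs */
    strncpy(name_buf, src, sizeof(name_buf));
    /* memchr is bounded, so this check never reads past the buffer */
    return memchr(name_buf, '\0', sizeof(name_buf)) != NULL;
}

/* Bounded copy that always terminates.
 * Returns 0 if src fit, -1 if it was truncated to NAME_SIZE - 1 bytes. */
int set_name(const char *src)
{
    strncpy(name_buf, src, sizeof(name_buf) - 1);
    name_buf[sizeof(name_buf) - 1] = '\0';     /* strncpy may not add this */
    return strlen(src) >= sizeof(name_buf) ? -1 : 0;
}

int main(void)
{
    const char *too_long = "0123456789abcdefXYZ";  /* constructed, 19 bytes */

    printf("strncpy alone, short input, terminated: %d\n",
           strncpy_alone_terminates("busybox"));
    printf("strncpy alone, long input, terminated:  %d\n",
           strncpy_alone_terminates(too_long));

    int rc = set_name(too_long);
    printf("set_name rc=%d, stored \"%s\"\n", rc, name_buf);
    return 0;
}
```

Callers should treat the -1 return as an error rather than silently continuing with the truncated value.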




