[patch] abuse of strncpy
walter harms
wharms at bfs.de
Fri Jun 2 08:07:30 UTC 2006
Hi Erik good catch,
if you are concerned about security why not use strlcpy() or a bb
supplied bb_strlcpy() if its not available ?.
"the result is always a valid NUL-terminated string that fits in the
buffer (unless, of course, the buffer size is zero)."
strncpy() does not do it (IMHO: design error).
re,
wh
Erik Hovland wrote:
> package: busybox
> version: trunk (20060601)
>
> This patch addresses all of the uses of strncpy that I thought were
> abusive in that they allowed copy such that \0 termination could
> potentially be lost.
>
> Thanks
>
> E
>
>
>
More information about the busybox
mailing list