[patch] abuse of strncpy

walter harms wharms at bfs.de
Fri Jun 2 08:07:30 UTC 2006


Hi Erik, good catch.
If you are concerned about security, why not use strlcpy() or a
bb-supplied bb_strlcpy() if it's not available?

"the result is always a valid NUL-terminated string that fits in the
buffer (unless, of course, the buffer size is zero)."

strncpy() does not do it (IMHO: design error).
re,
  wh

Erik Hovland wrote:
> package: busybox
> version: trunk (20060601)
> 
> This patch addresses all of the uses of strncpy that I thought were
> abusive in that they allowed copy such that \0 termination could
> potentially be lost.
> 
> Thanks
> 
> E
> 
> 
> 
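The difference discussed in this message, as an added example that is not part of the original post or of BusyBox: `strncpy()` leaves the destination unterminated when the source is at least as long as the buffer, while a copy with `strlcpy()` semantics always terminates and reports truncation through its return value. The name `demo_strlcpy` and the sample string are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fallback with strlcpy() semantics: copies at most size-1
 * bytes, always NUL-terminates when size > 0, and returns strlen(src) so
 * the caller can detect truncation (return value >= size). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);

    if (size > 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Returns 1 if strncpy(dst, src, size) leaves a NUL inside dst[0..size). */
static int strncpy_terminates(const char *src, size_t size)
{
    char dst[64];
    if (size > sizeof(dst))
        return -1;
    memset(dst, 'X', sizeof(dst));   /* make a missing NUL visible */
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* Same check for the strlcpy-style copy; also reports truncation. */
static int strlcpy_terminates(const char *src, size_t size, int *truncated)
{
    char dst[64];
    if (size == 0 || size > sizeof(dst))
        return -1;
    memset(dst, 'X', sizeof(dst));
    *truncated = demo_strlcpy(dst, src, size) >= size;
    return memchr(dst, '\0', size) != NULL;
}

int main(void)
{
    const char *name = "eth0:alias";  /* constructed input, 10 characters */
    int trunc = 0;
    printf("strncpy, 8 bytes: terminated=%d\n", strncpy_terminates(name, 8));
    printf("strlcpy, 8 bytes: terminated=%d\n", strlcpy_terminates(name, 8, &trunc));
    printf("strlcpy, 8 bytes: truncated=%d\n", trunc);
    return 0;
}
```

Checking the return value against the buffer size is what lets a caller treat truncation as an error instead of silently using a shortened string.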


