Subject: Re: gzip buffer overflow found
To: None <email@example.com>
From: Peter Seebach <firstname.lastname@example.org>
Date: 01/24/2001 12:55:41
In message <20010124185038.37CD55@proven.weird.com>, Greg A. Woods writes:
>These days I'm pretty sure it's still mandated by the ISO C standard.
>don't have a copy of the standard, but each of K&R (2nd edition),
>Harbison&Steele, and the 4BSD manual pages (which claim ANSI X3.159-1989
>conformance for strcpy() and strncpy()) explicitly state that strncpy
>always copies `n' characters to the destination, padding with '\0' chars
>if the source was less than `n' characters (and of course not
>terminating the destination at all if the source is longer than `n'
Yes. This is why it sucks. :)