Subject: Re: gzip buffer overflow found
To: None <>
From: Peter Seebach <>
List: current-users
Date: 01/24/2001 12:55:41
In message <>, Greg A. Woods writes:
>These days I'm pretty sure it's still mandated by the ISO C standard.


>don't have a copy of the standard, but each of K&R (2nd edition),
>Harbison&Steele, and the 4BSD manual pages (which claim ANSI X3.159-1989
>conformance for strcpy() and strncpy()) explicitly state that strncpy
>always copies `n' characters to the destination, padding with '\0' chars
>if the source was less than `n' characters (and of course not
>terminating the destination at all if the source is longer than `n'

Yes.  This is why it sucks.  :)