On Sep 15, 12:02pm, sommerfeld@orchard.arlington.ma.us (Bill Sommerfeld) wrote:
-- Subject: Re: CVS commit: basesrc

I agree, this was only intended as an example... The resulting ftpd will
suffer from security overflow problems.

christos

|    CPPFLAGS+= \
|        '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
|        '-Dstrlcat=strncat' \
|        '-Dsl_add(a,b)=(sl_add(a,b),0)'
| 
| I strongly advise against using an ftpd build this way.
| 
| It is possible (perhaps even likely) that a 1.4.2 ftpd built with this
| value of CPPFLAGS may be vulnerable to buffer overrun attacks.
| 
| The strn* and strl* function families do *not* have equivalent
| bounds-checking and null-termination behavior.  
| 
| For instance, strncat appends at most c characters, yielding a string
| of length at most strlen(a)+c, occupying strlen(a)+c+1 bytes; strlcat
| is guaranteed to produce a null-terminated string no longer than c-1
| characters, occupying no more than c bytes.
| 
| Some untested, but potentially more correct (albeit not exactly
| equivalent) replacements:
| 
| 	strlcat(a,b,c) could be replaced by strncat(a,b,max(0,c-strlen(a)-1))
| 	strlcpy(a,b,c) could with (strncpy(a,b,c-1),a[c-1]=0,strlen(a))
| 
| 					- Bill
-- End of excerpt from Bill Sommerfeld