NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/38201: Potential lack of null termination when copying a string
On Tue, Mar 11, 2008 at 06:45:02PM +0000, David Laight wrote:
> On Sat, Mar 08, 2008 at 10:25:46PM +0000, David Holland wrote:
> > On Sat, Mar 08, 2008 at 07:55:01PM +0000, netbsd%happyjack.org@localhost
> wrote:
> > > [who/utmpentry.c]
> > >
> > > In two places, the wrong object is null-terminated after a
> > > strncpy(), resulting in a potential lack of null termination.
> >
> > Good catch... but it turns out that those null terminations are
> > neither necessary nor useful. I will clean up the mess...
>
> Actually they were also wrong!
>
> (void)strncpy(e->host, up->ut_host, sizeof(up->ut_host));
> - e->name[sizeof(e->name) - 1] = '\0';
> + e->host[sizeof(e->host) - 1] = '\0';
>
> Since e->host is guaranteed to be longer than up->ut_host, and strncpy
> is used because up->ut_host might not be null terminated, the correct
> line would be:
> e->host[sizeof up->ut_host - 1] = 0;
>
> Of course, the code worked because the buffer had just been calloc'ed.
As mrg noted, e->host[sizeof up->ut_host] = 0; would be better.
This is why I changed it around the way I did...
--
David A. Holland
dholland%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index