Subject: Re: CVS commit: basesrc
To: None <email@example.com>
From: Christos Zoulas <firstname.lastname@example.org>
Date: 09/15/2000 13:01:49
On Sep 15, 12:02pm, email@example.com (Bill Sommerfeld) wrote:
-- Subject: Re: CVS commit: basesrc
I agree, this was only intended as an example... The resulting ftpd will
suffer from security overflow problems.
| CPPFLAGS+= \
| '-Dstrlcpy(a,b,c)=(strncpy(a,b,c),strlen(a))' \
| '-Dstrlcat=strncat' \
| I strongly advise against using an ftpd build this way.
| It is possible (perhaps even likely) that a 1.4.2 ftpd built with this
| value of CPPFLAGS may be vulnerable to buffer overrun attacks.
| The strn* and strl* function families do *not* have equivalent
| bounds-checking and null-termination behavior.
| For instance, strncat appends at most c characters, yielding a string
| of length at most strlen(a)+c, occupying strlen(a)+c+1 bytes; strlcat
| is guaranteed to produce a null-terminated string no longer than c-1
| characters, occupying no more than c bytes.
| Some untested, but potentially more correct (albeit not exactly
| equivalent) replacements:
| strlcat(a,b,c) could be replaced by strncat(a,b,max(0,c-strlen(a)-1))
| strlcpy(a,b,c) could with (strncpy(a,b,c-1),a[c-1]=0,strlen(a))
| - Bill
-- End of excerpt from Bill Sommerfeld