Bugtraq mailing list archives
Re: strcpy versus strncpy
From: cmason () WYREX COM (Chris L. Mason)
Date: Tue, 3 Mar 1998 23:38:18 -0500
It is called SIGSEGV ... Because strlen is simply a

    size_t i; char *string;
    for(i=0;*(string+i)!='\0';i++);
    return i;

And when (string+1) points outside the space allocated .. well .. possibly it doesn't find a '\0' there .. possibly it can't even read it .. And that's why you can't do that.
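Good point. Here's a revised version (also incorporating other suggestions made)

    #include <errno.h>
    #include <string.h>

    /* Length of s, examining at most n bytes. */
    size_t sstrlen(const char *s, size_t n)
    {
        size_t i;

        /* Test the bound first so that s[n] is never read. */
        for (i = 0; i < n && s[i] != '\0'; i++)
            ;
        return i;
    }

    /* Copy src (at most n2 bytes examined) into dst, a buffer of n1 bytes. */
    char *sstrncpy(char *dst, size_t n1, const char *src, size_t n2)
    {
        size_t len = sstrlen(src, n2);

        if (n1 == 0 || len > n1 - 1) {
            errno = ENOSPC;
            if (n1 > 0)
                dst[0] = '\0';
            return NULL;
        }
        /* Copy len bytes, not n2: strncpy pads up to its count with NULs. */
        strncpy(dst, src, len);
        dst[len] = '\0';
        return dst;
    }

Something similar could be done with strncat as well. Note that I don't return the number of bytes written because I wanted to remain consistent with the existing strncpy.

Chris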
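The strncat counterpart mentioned in the message above, as an added example that is not part of the original post. The name sstrncat, the helper bounded_len, the EINVAL case and the choice to leave dst unchanged on failure are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Length of s, examining at most n bytes (same role as sstrlen in the post). */
static size_t bounded_len(const char *s, size_t n)
{
    size_t i = 0;
    while (i < n && s[i] != '\0')
        i++;
    return i;
}

/*
 * Hypothetical sstrncat: append src (at most n2 bytes examined) to the string
 * already in dst, a buffer of n1 bytes. On failure dst is left unchanged
 * (a design choice made for this example) and errno is set.
 */
char *sstrncat(char *dst, size_t n1, const char *src, size_t n2)
{
    size_t dlen = bounded_len(dst, n1);
    size_t slen = bounded_len(src, n2);

    if (dlen == n1) {             /* no terminator inside dst (covers n1 == 0) */
        errno = EINVAL;
        return NULL;
    }
    if (slen > n1 - dlen - 1) {   /* no room for src plus the terminator */
        errno = ENOSPC;
        return NULL;
    }
    memcpy(dst + dlen, src, slen);
    dst[dlen + slen] = '\0';      /* always terminate, even if src was not */
    return dst;
}

int main(void)
{
    char buf[8] = "abc";          /* constructed sample input */

    printf("%s\n", sstrncat(buf, sizeof buf, "def", 3) ? buf : "failed");
    printf("%s\n", sstrncat(buf, sizeof buf, "gh", 2) ? buf : "ENOSPC, buf unchanged");
    return 0;
}
```

Because the destination length is also measured with a bound, a dst that was never terminated is rejected instead of being scanned past its end.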