Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ftpd: the advisory version

From: dan-bugtraq () DILVISH SPEED NET (Dan Harkless)
Date: Tue, 27 Jun 2000 15:41:59 -0700

Sebastian <scut () NB IN-BERLIN DE> writes:

So please, use unsigned char pointers, buffers and casts. For example the
proper code for the above function would be:

void
func_proper (unsigned char *domain)
{
      int             len = domain[0];
      unsigned char   buff[64];


      if (len >= 64)
              return;

      strncpy (buff, &domain[1], len);
      buff[63] = '\x00';
}


Uh, no, the strncpy() prototype is:

    char *strncpy(char *dst, const char *src, size_t n);

len should be a size_t (which is typedef'd to be some kind of unsigned int),
which would avoid the problem (without having to mess with explicitly
unsigned chars, which will cause warnings on platforms where chars are
signed, for one thing).

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.
Previous By Date Next
Previous By Thread Next

Current thread: