Bugtraq mailing list archives
Re: ftpd: the advisory version
From: jor () FM RZ FH-MUENCHEN DE (Juergen P. Meier)
Date: Fri, 30 Jun 2000 09:40:00 +0200
On Tue, Jun 27, 2000 at 03:41:59PM -0700, Dan Harkless wrote:
Sebastian <scut () NB IN-BERLIN DE> writes:So please, use unsigned char pointers, buffers and casts. For example the proper code for the above function would be: void func_proper (unsigned char *domain) { int len = domain[0]; unsigned char buff[64]; if (len >= 64) return; strncpy (buff, &domain[1], len); buff[63] = '\x00'; }Uh, no, the strncpy() prototype is: char *strncpy(char *dst, const char *src, size_t n); len should be a size_t (which is typedef'd to be some kind of unsigned int), which would avoid the problem (without having to mess with explicitly unsigned chars, which will cause warnings on platforms where chars are signed, for one thing).
or where a size_t has different wordlength than an int ;) this will be one of the biggest problems, to get those int's out of peoples mind (the code is cleaned quick enough ;) never ever rely on the size of ordinals. -- Juergen P. Meier email: jpm () class de Class GmbH Firmengruppe phone: +49 172 8379103
Current thread:
- Improved ARP sniffer, (continued)
- Improved ARP sniffer Paul Starzetz (Jun 27)
- [suse-security-announce] SuSE Security Announcement: kernel-2.2.x (fwd) Daniel T. Chen (Jun 27)
- Re: ftpd: the advisory version Steven M. Bellovin (Jun 26)
- Re: ftpd: the advisory version Dan Harkless (Jun 27)
- Re: ftpd: the advisory version Teodor Cimpoesu (Jun 28)
- Re: ftpd: the advisory version Sebastian (Jun 28)
- Re: ftpd: the advisory version Kasatenko Ivan Alex. (Jun 29)
- Re: ftpd: the advisory version Barney Wolff (Jun 29)
- Re: ftpd: the advisory version Sebastian (Jun 29)
- (forw) Re: Netscape ftp Server (fwd) Elias Levy (Jun 29)
- Re: ftpd: the advisory version Juergen P. Meier (Jun 30)
- SecureXpert Advisory [SX-20000620-1] SecureXpert DIRECT Sender (Jun 30)
- SecureXpert Advisory [SX-20000620-3] SecureXpert DIRECT Sender (Jun 30)
- Re: ftpd: the advisory version Roger Espel Llima (Jun 28)
- Re: ftpd: the advisory version Kragen Sitaker (Jun 28)