Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ftpd: the advisory version

From: jor () FM RZ FH-MUENCHEN DE (Juergen P. Meier)
Date: Fri, 30 Jun 2000 09:40:00 +0200

On Tue, Jun 27, 2000 at 03:41:59PM -0700, Dan Harkless wrote:

Sebastian <scut () NB IN-BERLIN DE> writes:

So please, use unsigned char pointers, buffers and casts. For example the
proper code for the above function would be:

void
func_proper (unsigned char *domain)
{
    int             len = domain[0];
    unsigned char   buff[64];


    if (len >= 64)
            return;

    strncpy (buff, &domain[1], len);
    buff[63] = '\x00';
}


Uh, no, the strncpy() prototype is:

    char *strncpy(char *dst, const char *src, size_t n);

len should be a size_t (which is typedef'd to be some kind of unsigned int),
which would avoid the problem (without having to mess with explicitly
unsigned chars, which will cause warnings on platforms where chars are
signed, for one thing).


or where a size_t has different wordlength than an int ;)

this will be one of the biggest problems, to get those int's out of
peoples mind (the code is cleaned quick enough ;)

never ever rely on the size of ordinals.

--
Juergen P. Meier                        email: jpm () class de
Class GmbH Firmengruppe                 phone: +49 172 8379103
Previous By Date Next
Previous By Thread Next

Current thread: