Date: Sat, 22 Nov 2014 17:28:00 +1100 From: Joshua Roers <honey@...ernot.info> To: oss-security@...ts.openwall.com Subject: Off-by-one question Hi guys, I'm just wondering, is it possible to use strncpy to overwrite memory addresses? i.e: > char buf; > strncpy(buf, "Four", sizeof(buf)); > buf[sizeof(buf)-1] = '\0'; > printf("%s\n", buf); Since > strncpy(buf, "Four", sizeof(buf)); is not > strncpy(buf, "Four", sizeof(buf)-1); will strncpy write beyond the memory of 'buf', and set it to NUL? >From my understanding from http://cwe.mitre.org/data/definitions/193.html, it would. ".. creating a buffer overflow that may cause a memory address to be overwritten .." But actually RTFM, strncpy will not write, even the NUL, past the size. So it looks like I'm either reading mitre wrong, or it may be outdated. Any opinions on this? Thanks, -- -- Joshua Rogers <https://internot.info/>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.