Date: Sun, 23 Nov 2014 17:29:19 +1100 From: Joshua Rogers <oss@...ernot.info> To: oss-security@...ts.openwall.com Subject: Re: Off-by-one question On 23/11/14 03:47, Stuart Gathman wrote: >> > The snippet will print Fou. The contract for strncpy is: > > The strncpy() function is similar, except that at most n bytes > of src > are copied. Warning: If there is no null byte among the first > n bytes > of src, the string placed in dest will not be null terminated. > > So you are correct. Unless strncpy is broken. That's what I thought. I wonder why MITRE says otherwise. Thanks Stuart and Simon. -- -- Joshua Rogers <https://internot.info/>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.