Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 23 Nov 2014 17:29:19 +1100
From: Joshua Rogers <>
Subject: Re: Off-by-one question

On 23/11/14 03:47, Stuart Gathman wrote:
> The snippet will print Fou.  The contract for strncpy is:
>        The strncpy() function is similar, except that at most n bytes 
> of  src
>        are  copied.  Warning: If there is no null byte among the first
> n bytes
>        of src, the string placed in dest will not be null terminated.
> So you are correct.  Unless strncpy is broken.
That's what I thought.

I wonder why MITRE says otherwise.

Thanks Stuart and Simon.
-- Joshua Rogers <>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.