Re: [Debian-audit] Re: Goals for Etch?

From: Ulf Harnhammar <metaur_at_telia.com>
Date: Fri, 17 Jun 2005 01:50:00 +0200

On Fri, Jun 17, 2005 at 01:20:14AM +0200, Ulf Harnhammar wrote:
> * strncat(buf2, buf, sizeof(buf2))

buf[sizeof(buf)] = '\0'; is a bad but common idiom as well. We could
go into more detail and describe that strcpy(), strcat() and sprintf()
sometimes lead to buffer overflows, but then the readers will have to
deal with many false positives.

// Ulf
Received on Fri Jun 17 2005 - 00:50:03 BST
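The two idioms the mail flags, next to the bounded forms a reviewer would ask for, as an added example that is not part of the original thread; the names safe_append and safe_copy and the sample strings are my own.

```c
#include <stdio.h>
#include <string.h>

/* strncat(dst, src, sizeof(dst)) is wrong because strncat's size
 * argument bounds the number of characters *appended*, not the total
 * size of dst: if dst already holds text the call can still write past
 * its end. The right bound is the space left after the existing
 * contents and the terminating NUL.
 *
 * buf[sizeof(buf)] = '\0' is wrong because the last valid index of buf
 * is sizeof(buf) - 1; the assignment writes one byte past the array.
 */

/* Append src to dst (dst is dst_size bytes and already NUL-terminated).
 * Returns 1 if all of src fitted, 0 if it had to be truncated. */
int safe_append(char *dst, size_t dst_size, const char *src)
{
    size_t used = strlen(dst);
    if (used >= dst_size)              /* dst not terminated within bounds */
        return 0;
    size_t room = dst_size - used - 1; /* bytes left, excluding the NUL */
    strncat(dst, src, room);           /* strncat always appends the NUL */
    return strlen(src) <= room;
}

/* Copy src into dst and terminate it inside the array: the NUL goes at
 * dst_size - 1, the last valid index, never at dst_size. */
void safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return;
    strncpy(dst, src, dst_size - 1);   /* may leave dst unterminated ... */
    dst[dst_size - 1] = '\0';          /* ... so terminate at the last index */
}

int main(void)
{
    char buf[8] = "abc";
    /* constructed input: longer than the 4 bytes still free in buf */
    int fitted = safe_append(buf, sizeof(buf), "defghij");
    printf("%s (truncated: %d)\n", buf, !fitted); /* abcdefg (truncated: 1) */
    char out[4];
    safe_copy(out, sizeof(out), "overflow");
    printf("%s\n", out);                           /* ove */
    return 0;
}
```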