On Thu, May 03, 2001 at 10:47:54AM +0100 or thereabouts, Lars Hecking wrote:
>> As a side note, I'd generally stay away from strcpy() and strcat().
> It is estimated that about 80% of all security vulnerabilities are
> buffer overflows.
>> If your OS supports it, use strlcpy() and strlcat() [OBSD 2.4+, FBSD 3.3+,
> Solaris 8+, dunno about others].
> Else, use at least strncpy() and strncat(), and make sure the result is
Excerpt from "man srtncpy"
strcat() appends a copy of string src, including the ter-
minating null character, to the end of string dst.
strncat() appends at most n characters. Each returns a
pointer to the null-terminated result. The initial charac-
ter of src overrides the null character at the end of dst.
This suggests that strncat() null terminates in every case.
strcpy() copies string src to dst including the terminating
null character, stopping after the null character has been
copied. strncpy() copies exactly n bytes, truncating src or
adding null characters to dst if necessary. The result will
not be null-terminated if the length of src is n or more.
My reading of this is that
only strncpy() needs to be followed by a null terminator and only if it
reads less than the length of src. so, assuming
strncpy(dest, src, strlen(src) * sizeof(char));
dest will be null terminated. Or does strlrn() leave out the null
terminator when returning a length?
Met Eireann, Glasnevin Hill, Dublin 9, Ireland
Ph +353 1 8064217 Fax +353 1 8064275
10:20am up 23 days, 19:31, 7 users, load average: 1.00, 1.00, 1.00
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!