2018-01-27 23:31 GMT+01:00 Dimitry Andric <d...@freebsd.org>: > On 27 Jan 2018, at 23:20, Ed Schouten <e...@nuxi.nl> wrote: >> >> 2018-01-27 23:16 GMT+01:00 Pedro F. Giffuni <p...@freebsd.org>: >>> char host[sizeof(utmp.ut_host) + 1]; >>> insecure = 1; >>> >>> - strncpy(host, utmp.ut_host, sizeof(utmp.ut_host)); >>> - host[sizeof(utmp.ut_host)] = 0; >>> + strncpy(host, utmp.ut_host, sizeof(host)); >> >> Wait... This may access utmp.ut_host one byte past the end and no >> longer guarantees that host is null-terminated, right? > > No, strncpy "copies at most len characters from src into dst".
Substituting 'len', 'src' and 'dst' gives me: strncpy "copies at most 'sizeof(utmp.ut_host) + 1' characters from 'utmp.ut_host' into 'host'". As 'utmp.ut_host' is not guaranteed to be null-terminated by POSIX*, it can actually end up in the situation where it copies 'sizeof(utmp.ut_host) + 1' characters, which may leave 'host' unterminated. -- Ed Schouten <e...@nuxi.nl> Nuxi, 's-Hertogenbosch, the Netherlands _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"