20.07.13 15:36, Antoine Pitrou написав(ла): > On Sat, 20 Jul 2013 15:23:46 +0300 > Serhiy Storchaka <storchaka at gmail.com> wrote: >> 20.07.13 15:12, christian.heimes написав(ла): >>> http://hg.python.org/cpython/rev/c92f4172d122 >>> changeset: 84723:c92f4172d122 >>> user: Christian Heimes <christian at cheimes.de> >>> date: Sat Jul 20 14:11:28 2013 +0200 >>> summary: >>> Use strncat() instead of strcat() to silence some warnings. >>> CID 486616, CID 486617, CID 486615 >>> > [...] >> >> This will wrong when strlen(fname) is 30. strncat() will copy only 30 >> bytes, without terminal NUL. > > So, for the record, this is roughly how Rasmus Lerdorf introduced a > security hole in PHP 5.3.7: > > > "For people asking me out-of-band what the screw-up was, it was pretty > simple. I changed this code: > > memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN); > strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1); > strcat(passwd, "$"); > > to: > > memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN); > strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1); > strlcat(passwd, "$", 1); > > **because the Coverity static analyzer warned about using strcat** > [emphasis mine] and we generally try to avoid naked strcat/strcpy in the > codebase even though in this case it is safe to do." > > https://plus.google.com/113641248237520845183/posts/g68d9RvRA1i strlcat != strncat. strlcat(dst, src, 1) actually do nothing.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4