The input buffers should have made sure that they are \0 terminated.
So buffer[strlen(buffer)] == 0 is always true.
All derivatives from that buffer (parsed entries for example) are all \0
terminated in the code, so they should be a problem in the code.
But in fact you are right. We're trusting and working with variables we
should trust in that manner.
Best regards,
Eelco
On Monday, Apr 14, 2003, at 22:53 Europe/Amsterdam, Aaron Stone wrote:
Hey, so grep -A1 memtst * in dbmail, and you'll find lots of these:
memtst((dest = (char *)my_malloc(strlen(value)+1))==NULL);
strncpy(dest,value,strlen(value)+1);
Doesn't this cause dest not to be null terminated? The extra space is
allocated specifically for null, so the second line should be:
strncpy(dest,value,strlen(value));
and for extra paranoia:
dest[strlen(value)+1] = '\0';
Otherwise, you're relying on value to already be null terminated, which it
should be... but who really knows?
Aaron
_________________________
E.J.A. van Beek
ICT Manager
IC&S
T: +31 30 2322878
F: +31 30 2322305
PGP-key:
www.ic-s.nl/keys/eelco.txt
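
Added example (not from the original thread or from dbmail's source): a small C program that shows which byte strncpy leaves at index strlen(value) of a strlen(value)+1 allocation for the two bounds discussed above, plus a hypothetical helper, dup_bounded, that copies from a buffer without assuming it is terminated. The function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fill a (len+1)-byte buffer with 'X', run strncpy with bound n, and
 * return the byte at index len, the last valid index of the buffer.
 * n must not exceed len + 1. */
int byte_at_len_after_strncpy(const char *value, size_t n)
{
    size_t len = strlen(value);
    char *dest = malloc(len + 1);
    int last;

    if (dest == NULL)
        return -1;
    memset(dest, 'X', len + 1);
    strncpy(dest, value, n);     /* writes a '\0' only if it fits within n */
    last = (unsigned char)dest[len];
    free(dest);
    return last;
}

/* Hypothetical helper: duplicate at most bufsize bytes of buf without
 * assuming that buf is terminated; the copy is always terminated. */
char *dup_bounded(const char *buf, size_t bufsize)
{
    const char *nul = memchr(buf, '\0', bufsize);
    size_t len = nul ? (size_t)(nul - buf) : bufsize;
    char *dest = malloc(len + 1);

    if (dest == NULL)
        return NULL;
    memcpy(dest, buf, len);
    dest[len] = '\0';            /* index len, not len + 1 */
    return dest;
}

int main(void)
{
    const char raw[4] = { 'm', 'a', 'i', 'l' };   /* constructed, no '\0' */
    char *copy = dup_bounded(raw, sizeof raw);

    printf("n = len + 1 -> byte %d\n", byte_at_len_after_strncpy("dbmail", 7));
    printf("n = len     -> byte %d\n", byte_at_len_after_strncpy("dbmail", 6));
    printf("bounded copy: %s\n", copy ? copy : "(alloc failed)");
    free(copy);
    return 0;
}
```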