On Mon, Sep 03, 2012 at 04:37:42PM +0200, rustyBSD wrote:

> /usr/src/sbin/disklabel/disklabel.c
> lines: 333 & 1092 & 1096
> 
> Is this me, or these strncpy() may cause off-by-one
> overflows ?
> 
> In a use like this:
> 
>  strncpy(a, b, sizeof(a));

No, this is not an overflow. But a will potentially not be NUL-terminated.

> 
> the null terminator will be added beyond the end of
> a if b has the same size (or a larger size).
> 
> Should use something like:
> 
>  strncpy(a, b, sizeof(a) - 1);

Better use strlcpy(3). The man pages for both strncpy and strlcpy
explain why.

        -Otto
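
The behaviour discussed in this thread, as an added example that is not part of the original messages or of disklabel.c: strncpy() with the full buffer size never writes past the buffer but leaves it unterminated when the source fills it. The struct label layout, the sample string and the bounded_copy() helper (a stand-in with strlcpy(3) semantics for systems whose libc lacks it) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: a guard byte directly after the buffer lets us
 * observe whether a copy writes past the end of name[]. */
struct label {
    char name[8];
    char guard;
};

/* Hypothetical helper with strlcpy(3) semantics: copies at most size-1
 * bytes, always NUL-terminates when size > 0, and returns strlen(src)
 * so the caller can detect truncation (result >= size). */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Fills the struct with 'X', then does strncpy(a, b, sizeof(a)).
 * Returns 1 if name[] contains a NUL within its bounds, 0 otherwise. */
static int strncpy_case(struct label *l, const char *src)
{
    memset(l, 'X', sizeof(*l));
    strncpy(l->name, src, sizeof(l->name));
    return memchr(l->name, '\0', sizeof(l->name)) != NULL;
}

int main(void)
{
    struct label l;
    const char *src = "12345678";   /* constructed: exactly sizeof(name) bytes */

    int terminated = strncpy_case(&l, src);
    printf("strncpy: terminated=%d guard_intact=%d\n", terminated, l.guard == 'X');

    memset(&l, 'X', sizeof(l));
    size_t want = bounded_copy(l.name, src, sizeof(l.name));
    printf("bounded_copy: \"%s\" truncated=%d guard_intact=%d\n",
           l.name, want >= sizeof(l.name), l.guard == 'X');
    return 0;
}
```

The danger of the unterminated case is in later reads: any strlen() or "%s" on name[] would run on into whatever follows the buffer.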
