SecFix for databases/firebird, please review
Joshua Oreman
oremanj at get-linux.org
Wed Aug 27 08:31:47 PDT 2003
On Wed, Aug 27, 2003 at 11:17:33AM +0200 or thereabouts, Alexander Leidinger wrote:
> On Wed, 27 Aug 2003 10:10:36 +0200
> Pawel Jakub Dawidek <nick at garage.freebsd.pl> wrote:
>
> > On Mon, Aug 18, 2003 at 11:59:28AM +0200, Alexander Leidinger wrote:
> > +> Thanks for the review. I've updated
> > +> http://www.leidinger.net/FreeBSD/firebird-1.0.2-secfix.tar.bz2 (modulo
> > +> Chris' work in progress). I'm looking forward to the next round. :-)
> >
> > IMHO there are still problems with strncat(3).
> >
[ ... ]
> > You also still don't add:
> >
> > buf[sizeof(buf) - 1] = '\0';
> >
> > after all strncat(3)s.
>
> Hmmm... yes, I see the problem...
From strncat(3):
char* strncat (char * restrict s, const char * restrict append, size_t count);
[ ... ]
The strncat function appends not more than count characters from
append, and then adds a terminating `\0'.
(emphasis added) ^^^^^^^^^^^^^^^^^^^^^^^
So here there really isn't a problem.
-- Josh
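
The strncat(3) behaviour quoted above, as an added example that is not part of the original message or of the firebird patch: because strncat always writes the terminating `\0' after the copied characters, it can touch up to count + 1 bytes, so count must be the space remaining in the buffer minus one. The helper name bounded_append and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the firebird patch): append src to the
 * NUL-terminated string in dst, whose total size is dstsize bytes.
 * Returns 0 if all of src fit, 1 if it was truncated, -1 if dst holds
 * no terminator within dstsize bytes. */
int bounded_append(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;                      /* not a string: refuse to append */
    size_t used = (size_t)(end - dst);
    size_t room = dstsize - used - 1;   /* bytes left, minus one for '\0' */

    /* strncat copies at most `room` characters and then writes '\0',
     * so the last byte it can touch is dst[dstsize - 1]. */
    strncat(dst, src, room);
    return strlen(src) > room ? 1 : 0;
}

/* Returns 1 if an over-long append was truncated, terminated inside an
 * 8-byte buffer, and left the byte after the buffer untouched. */
int demo_truncation(void)
{
    struct { char buf[8]; char guard; } s;   /* constructed sample */
    memset(&s, 'X', sizeof(s));
    strcpy(s.buf, "abc");
    int rc = bounded_append(s.buf, sizeof(s.buf), "0123456789");
    return rc == 1 && strcmp(s.buf, "abc0123") == 0 &&
           s.buf[7] == '\0' && s.guard == 'X';
}

int main(void)
{
    char buf[8] = "abc";
    int rc = bounded_append(buf, sizeof(buf), "0123456789");
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    printf("demo_truncation=%d\n", demo_truncation());
    return 0;
}
```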