 

How do I add two variables

Started by Final, January 03, 2006, 03:32 AM


Zorm

Quote from: Kp on January 04, 2006, 06:53 PM
Quote from: Mephisto on January 04, 2006, 06:18 PM
Quote from: Kp on January 03, 2006, 11:41 PM
How is using a buffer of size 260 safer than a buffer of size 255?  They're both vulnerable to an overflow if you pass too much data in.  The correct thing to do would be to use a length-checking variant, such as strncat, strncpy, or snprintf, of the string function you want.  strncpy behaves strangely though, so you might be better off copying the BSD strlcpy instead.

For personal knowledge, can you explain how it behaves strangely and is unique compared to other length checking string functions?

I could, but it's easier just to quote the man page. :)

       The strncpy() function is similar, except that not more than n bytes of src are copied. Thus, if there is no null byte among the first n bytes of src, the result will not be null-terminated.

       In the case where the length of src is less than that of n, the remainder of dest will be padded with nulls.


Other length-limited string functions ensure the string is null terminated (even if they must cut off some characters to do so), and don't do anything to the space beyond where the null is dropped.

Note: This isn't true for Windows.
Take _snprintf for example http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/HTML/_crt__snprintf.2c_._snwprintf.asp
Quote
The _snprintf function formats and stores count or fewer characters and values (including a terminating null character that is always appended unless count is zero or the formatted string length is greater than or equal to count characters) in buffer.

Security Note   Ensure that format is not a user-defined string. This function does not guarantee NULL termination, so ensure it is followed by sz[ ARRAYSIZE(sz) - 1] = 0. For more information, see Avoiding Buffer Overruns.

Wow, the security note is neat. It wasn't around the last time I looked at the MSDN page for _snprintf.
"Now, gentlemen, let us do something today which the world make talk of hereafter."
- Admiral Lord Collingwood

Kp

That's terrible!  The GNU libc implementation of snprintf always null terminates non-empty buffers, even if the output is truncated.  It's likely that much code written for Unix relies on this behavior, as do many Windows programmers.  I'd never heard about this incompatibility in the Microsoft implementation, nor do I see reference to it in the PSDK I use as a reference.
[19:20:23] (BotNet) <[vL]Kp> Any idiot can make a bot with CSB, and many do!
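An added example in C, not code from the thread, showing the two strncpy behaviours quoted from the man page (no terminator when src fills the buffer, null padding when it does not), a portable stand-in with the BSD strlcpy semantics Kp recommends, and the glibc snprintf termination-on-truncation Kp describes; the helper names safe_strlcpy, strncpy_terminated, strncpy_padding and snprintf_truncated_terminated are my own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Copy with strncpy, then report whether dst got a null within its n bytes.
 * Returns 0 when src has no null among its first n bytes (the man page case). */
int strncpy_terminated(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Copy with strncpy and count the trailing null bytes it wrote (the padding). */
size_t strncpy_padding(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    size_t pad = 0;
    while (pad < n && dst[n - 1 - pad] == '\0') pad++;
    return pad;
}

/* BSD strlcpy semantics written here as a stand-in (not every libc ships it):
 * always null-terminates when n > 0, never pads, and returns strlen(src) so the
 * caller can detect truncation by comparing the result against n. */
size_t safe_strlcpy(char *dst, const char *src, size_t n) {
    size_t srclen = strlen(src);
    if (n > 0) {
        size_t copy = srclen < n - 1 ? srclen : n - 1;
        memcpy(dst, src, copy);
        dst[copy] = '\0';
    }
    return srclen;
}

/* C99/glibc snprintf: even when output is truncated, dst[n-1] is '\0'.
 * MSVC's _snprintf does not promise this, hence MSDN's sz[ARRAYSIZE(sz)-1] = 0. */
int snprintf_truncated_terminated(char *dst, size_t n, const char *src) {
    int would_write = snprintf(dst, n, "%s", src);
    return would_write >= 0 && (size_t)would_write >= n && dst[n - 1] == '\0';
}

int main(void) {
    char buf[8];  /* constructed sample buffer */
    printf("strncpy 'hello' terminated: %d\n", strncpy_terminated(buf, sizeof buf, "hello"));
    printf("strncpy '12345678' terminated: %d\n", strncpy_terminated(buf, sizeof buf, "12345678"));
    printf("strncpy 'ab' padding bytes: %zu\n", strncpy_padding(buf, sizeof buf, "ab"));
    size_t need = safe_strlcpy(buf, "this is too long", sizeof buf);
    printf("strlcpy -> \"%s\" (truncated: %d)\n", buf, need >= sizeof buf);
    return 0;
}
```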