Re: Buffer overflow in "lpr"

Peter (deviant@netlite.com)
Tue, 08 Jul 1997 19:33:46 +0000

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 8 Jul 1997, Warner Losh wrote:

> In message <31DBF6DD.1A0E@redrose.net> a42n8k9 writes:
> : If I'm not mistaken this should show if a vulnerability exists.
> ....
> : static char *linked(register char *file) {
> : register char *cp;
> : static char buf[BUFSIZ];
> : .
> : .
> : .
> : strcat(buf, "/");
> : -------------> strcat(buf, file);
> : .
> : .
> : .
> : }
> :
> : Perhaps a fix would be to use the line "strncat(buf, file, BUFSIZ)"
> : but that would stop
> : lpr from processing a file with a name greater than BUFSIZ characters.
>
> strncat wouldn't do what you wanted in this case. It would append at
> most BUFSIZ characters, rather than at most BUFSIZE-strlen(buf)
> characters. Also, you need to '\0' terminate the buf after this
> because str*cat doesn't do that for you.
>
> Warner

strncat(buf, file, BUFSIZ - strlen(buf) - 1); /* leave room for the NUL strncat appends; the buffer is BUFSIZ bytes */

should be all you need...

From the strncat() entry in Donald Lewine's "POSIX Programmer's Guide":

"A terminating NULL is always appended to the result."

The strncat(3) manpage also says this, but not in as clear of terms.

-- Peter
PGP KeyID = 4920E659 Fingerprint = 49868A89662AF7F7 777E813ED64EAACE

Doubt is not a pleasant condition, but certainty is absurd.
-- Voltaire

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBM8KWIVCIB2hJIOZZAQFG6Qf6AiNaBWIx+QB3NYh857lLxIZiIHpwGG0O
XKKlsIR+SnGNBcDw7zwxITQHnlm+vDjrUMcPNOL1GJujHnVsTkNLGALDACgkPxoQ
8eIoweQ8/zRTjZqsmdn0XG8Eefg7xW5RHRr/XBI3xvw84MZYbhh98O1GnHAWtWgF
3DaVE5ZBwMxMt7eGyKFJzKHRG1V5Dw58o/b9nByvpIlknb+aRT5tMG5L8IDtCa0M
dtSHA5n2J7iUk2rRBx7opehduGTaLzdGoa6+VHhLsFMIZTOkh1/yCdcZLXDKQDuG
8/K8Oy4q0kC754aEBR7rPwc61Ywj09LTdTDx9tOx7FyErliywIJcVg==
=OJ26
-----END PGP SIGNATURE-----
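The bound arithmetic argued over in this thread, worked through as an added example (not code from lpr or from either poster). It models the `strcat(buf, "/"); strcat(buf, file);` sequence from `linked()` with a small constructed buffer so the numbers are easy to check, and contrasts the `cap - strlen(buf)` bound with one that reserves a byte for the NUL that strncat() always appends; `CAP`, `join_path` and the helper names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not lpr's own code. CAP is a constructed stand-in for
   BUFSIZ so that overflow by a single byte is visible in small numbers. */
#define CAP 16

/* Total bytes strncat() writes into dst: the `used` bytes already there,
   up to `n` bytes of src, plus the terminating NUL it always appends. */
size_t strncat_footprint(size_t used, size_t n, size_t srclen) {
    size_t copied = srclen < n ? srclen : n;
    return used + copied + 1;
}

/* Bound as proposed in the thread: cap - strlen(dst). It does not count
   the NUL that strncat() appends, so a long name writes cap + 1 bytes. */
size_t bound_naive(const char *dst, size_t cap) {
    return cap - strlen(dst);
}

/* Bound that reserves one byte for the terminating NUL. */
size_t bound_safe(const char *dst, size_t cap) {
    size_t used = strlen(dst);
    return used + 1 < cap ? cap - used - 1 : 0;
}

/* Append "/" then `file` to `buf` (capacity `cap`). Returns 1 on success
   and 0, leaving buf unchanged, when the name would not fit; refusing is
   preferable to silently truncating a spool path. */
int join_path(char *buf, size_t cap, const char *file) {
    if (strlen(buf) + 1 + strlen(file) >= cap)
        return 0;
    strncat(buf, "/", bound_safe(buf, cap));
    strncat(buf, file, bound_safe(buf, cap));
    return 1;
}

int main(void) {
    char buf[CAP] = "/var/spool";        /* 10 characters used */
    const char *name = "aaaaaaaaaaaa";   /* 12 characters, constructed */
    printf("naive bound writes %zu bytes into a %d-byte buffer\n",
           strncat_footprint(strlen(buf), bound_naive(buf, CAP), strlen(name)), CAP);
    printf("safe bound writes %zu bytes\n",
           strncat_footprint(strlen(buf), bound_safe(buf, CAP), strlen(name)));
    printf("join_path: %d -> \"%s\"\n", join_path(buf, CAP, "lpd"), buf);
    return 0;
}
```

With a 10-character prefix in a 16-byte buffer, the naive bound lets strncat() copy 6 bytes and then write its NUL as the 17th byte; the safe bound copies 5 and the NUL lands exactly at the end. The same arithmetic applies with BUFSIZ in place of CAP.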