Re: Buffer overflow in "lpr"

Warner Losh (imp@VILLAGE.ORG)
Tue, 08 Jul 1997 13:41:12 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "[linux-security] so-called snprintf() in db-1.85.4 (fwd)"
Previous message: CERT Advisory: "CERT Advisory CA-97.20 - JavaScript Vulnerability"
Maybe in reply to: a42n8k9: "Buffer overflow in "lpr""
Next in thread: Todd Vierling: "Re: Buffer overflow in "lpr""

-----BEGIN PGP SIGNED MESSAGE-----

In message <Pine.LNX.3.95.970708192857.10123A-100000@slartibartfast.sp.org> Peter writes:
: strncat(buf,file,BUFSIZE-strlen(buf));

Add a -1 after the strlen(buf) to allow space for the terminating
'\0'. I was confusing strncat and strncpy in the detail of NUL
termination in my earlier message, as many sharp Bugtraq readers have
pointed out to me.

Warner

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBM8KXqtxynu/2qPVhAQHN3AP+OmuqH1mvOBW3JR3aoBbnPsJkWNaPdD8X
UzdUBZq82uCjr9SXnF/hvn0KNH7zgAt1THRFnwT83IAExOaFQb5JxJe+sq8lSuRb
foxkSuOKpFVseJQjBhHGZuotxz/P6/uXlDZGPMJPYLkmbnBWmuKH9lIOvgrwt5g5
yrIU0vxHIws=
=CGQV
-----END PGP SIGNATURE-----

Next message: Aleph One: "[linux-security] so-called snprintf() in db-1.85.4 (fwd)"
Previous message: CERT Advisory: "CERT Advisory CA-97.20 - JavaScript Vulnerability"
Maybe in reply to: a42n8k9: "Buffer overflow in "lpr""
Next in thread: Todd Vierling: "Re: Buffer overflow in "lpr""