On Mon, Aug 20, 2012 at 08:56:27AM +0000, Bart Van Assche wrote:
> On 08/20/12 06:36, Niels Baggesen wrote:
> > This fixes a possible memory overrun (see patch 3559417)
> 
> Although I'd prefer that strncpy() be replaced by strlcpy():

Why?

It's a convenience, yes, but it leads to results being truncated
one too early, which might convince the manager that it has gotten
the complete result. If it fills the variable to the limit it should
know it might be truncated.

/Niels

-- 
Niels Baggesen -- @home -- Århus -- Denmark -- ni...@baggesen.net
The purpose of computing is insight, not numbers  --  R W Hamming
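
The two copy conventions discussed in this thread, as an added example that is not code from Net-SNMP or from either poster: `copy_fill` uses strncpy() and treats a completely filled buffer as possibly truncated, while `copy_terminated` uses a local strlcpy()-style helper and reads truncation from its return value. All function names, the 8-byte buffer and the sample strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { BUF_LEN = 8 };  /* constructed buffer size, not taken from the patch */

/* Local stand-in with strlcpy() semantics (not every libc ships strlcpy):
 * copies at most size-1 bytes, always NUL-terminates, returns strlen(src). */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    size_t n = len < size - 1 ? len : size - 1;   /* caller passes size >= 1 */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len;
}

/* strncpy() convention: dst is a counted buffer, not a C string. Returns the
 * number of bytes stored; a completely full buffer means "may be truncated". */
size_t copy_fill(char dst[BUF_LEN], const char *src, int *maybe_truncated)
{
    strncpy(dst, src, BUF_LEN);   /* writes no NUL when strlen(src) >= BUF_LEN */
    const char *nul = memchr(dst, '\0', BUF_LEN);
    size_t used = nul ? (size_t)(nul - dst) : (size_t)BUF_LEN;
    *maybe_truncated = (used == BUF_LEN);
    return used;
}

/* strlcpy() convention: dst is always a valid C string; the return value
 * (source length) compared with the buffer size reports truncation. */
size_t copy_terminated(char dst[BUF_LEN], const char *src, int *truncated)
{
    *truncated = demo_strlcpy(dst, src, BUF_LEN) >= BUF_LEN;
    return strlen(dst);
}

int main(void)
{
    const char *samples[] = { "public", "12345678", "123456789" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char a[BUF_LEN], b[BUF_LEN];
        int fa, fb;
        size_t na = copy_fill(a, samples[i], &fa);
        size_t nb = copy_terminated(b, samples[i], &fb);
        printf("%-10s fill: %zu bytes, flag=%d | terminated: %zu bytes, flag=%d\n",
               samples[i], na, fa, nb, fb);
    }
    return 0;
}
```

The exact-fit sample ("12345678") sets the flag in both variants: the fill convention stores all 8 bytes, the terminated one stores 7. A buffer produced by `copy_fill` must only be read together with its returned length, since it may carry no terminating NUL.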

_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
