On Sun, 21 Jan 2001, OpenSSL Project wrote:
> o Whenever strncpy is used, make sure the resulting string is
> NULL-terminated or an error is reported
You should look at copying OpenBSD's strlcpy and strlcat routines,
which provide a much safer way of copying nul-terminated strings
and detecting overflow.
http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy
http://www.openbsd.org/cgi-bin/man.cgi?query=strlcat
-d
--
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <[EMAIL PROTECTED]>
| works of Shakespeare. Now, thanks to the Internet, /
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
