Hi Jan,
On Sat, Mar 1, 2008 at 11:12 PM, Jan-Oliver Wagner
<[EMAIL PROTECTED]> wrote:
> On Saturday 01 March 2008 17:23, [EMAIL PROTECTED] wrote:
> > trunk/openvas-libraries/libopenvas/proctitle.c
> > + strncpy(s,envp[i],strlen(envp[i]));
> shouldn't in general the length of the destination be the limiting factor?
It should be.. but luckily for us, it seems like the guys who coded
the libraries were malloc'ing the required space beforehand. In this
case the string length for the envp array is precalculated in the loop
on line 27 into envpsize and later s is created from envpsize+space
for '\0'. So putting in
strncpy(s,envp[i],strlen(envp[i]));
is redundant (silencing flawfinder), since s will always be as large
as required.. Unless of course malloc fails :(.
regards
Laban
_______________________________________________
Openvas-devel mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel