On Sat, 20 Jul 2013 15:23:46 +0300 Serhiy Storchaka <storch...@gmail.com> wrote: > 20.07.13 15:12, christian.heimes написав(ла): > > http://hg.python.org/cpython/rev/c92f4172d122 > > changeset: 84723:c92f4172d122 > > user: Christian Heimes <christ...@cheimes.de> > > date: Sat Jul 20 14:11:28 2013 +0200 > > summary: > > Use strncat() instead of strcat() to silence some warnings. > > CID 486616, CID 486617, CID 486615 > > [...] > > This will wrong when strlen(fname) is 30. strncat() will copy only 30 > bytes, without terminal NUL.
So, for the record, this is roughly how Rasmus Lerdorf introduced a security hole in PHP 5.3.7: "For people asking me out-of-band what the screw-up was, it was pretty simple. I changed this code: memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN); strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1); strcat(passwd, "$"); to: memcpy(passwd, MD5_MAGIC, MD5_MAGIC_LEN); strlcpy(passwd + MD5_MAGIC_LEN, sp, sl + 1); strlcat(passwd, "$", 1); **because the Coverity static analyzer warned about using strcat** [emphasis mine] and we generally try to avoid naked strcat/strcpy in the codebase even though in this case it is safe to do." https://plus.google.com/113641248237520845183/posts/g68d9RvRA1i Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
