safe_strcpy is unsafe

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Jan 19 22:24:42 GMT 2000


yep!  i know.  i talked to jeremy about it.

does anyone want to write a perl or awk script that will +1 to every
single usage of safe_strcpy() in all samba code?

optimisations include removing -1+1.

i just hate how safe_strcpy() has to use sizeof(str)-1 ABSOLUTELY
everywhere.

On Thu, 20 Jan 2000, Michael Stockman wrote:

> Hello,
> 
> safe_strcpy is not very safe. It seems that it writes 1 char longer
> than maxlen, which is bad if the buffer isn't that long. Example of
> bad but common usage:
> 
> pstring str;
> safe_strcpy( str, "Hello world", sizeof(str) );
> 
> This may cause a SIGSEGV!
> 
> Best regards
>   Michael Stockman
>   pgmtekn-micke at algonet.se
> 
> 
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals



More information about the samba-technical mailing list