[COFF] [TUHS] buffer overflow (Re: Happy birthday Morris worm
Dave Horsfall
dave at horsfall.org
Wed Nov 13 11:11:56 AEST 2019
(Narrowly diverted in time to COFF from TUHS when I saw Warren's email, so
I hope Warner is on it.)
On Tue, 12 Nov 2019, Warner Losh wrote:
> POSIX can't even recognize that leap seconds exist :(
There's a movement afoot to abolish leap seconds because they are
"inconvenient" or something; that will upset the astronomers and other
people who care about the exact time.
> All is not lost, though; use strncpy() instead of strcpy() etc.
>
> strncpy has two issues. First, it doesn't guarantee NUL termination.
> Second, it always writes N bytes. It's for a fixed width data field, not
> a variable length string whose buffer size is known. strlcpy is much
> better, but still has some issues...
Yeah, I knew about the NUL termination (or lack of it) - I didn't think to
mention it. When I use it, I copy n-1 bytes and plant the NUL in there
myself (depending on how I'm using it).
And I wasn't aware of strlcpy() - thanks. Too many functions to keep
track of these days....
Trivia: curious to see how Australia's "talking clock" (long gone in
favour of NTP, alas) handled the leap second, I recorded it (it puts a gap
before the last beep). It can be heard (and seen!) over on
www.horsfall.org/leapsecond.webm .
And yes, that old long-haired hippie is me...
-- Dave
More information about the COFF
mailing list