On Saturday 24 May 2014 14:16:40 Sven Eckelmann wrote:
strncpy doesn't terminate the string with a '\0' character when the length of the destination memory location was shorter than the source string. Accessing it again with string related functions isn't safe after such a semi-failed copy and the caller has to handle it. The easiest way is to always set the last character in the destination buffer to '\0' after the strncpy was called.
Also the length provided as argument of strncpy should not be the length of the source buffer but the maximum number of bytes in the destination buffer.
Signed-off-by: Sven Eckelmann sven@narfation.org
bat-hosts.c | 6 ++++-- bisect_iv.c | 2 ++ debugfs.c | 1 + functions.c | 8 ++++---- tcpdump.c | 2 ++ 5 files changed, 13 insertions(+), 6 deletions(-)
Applied with a slight modification in revision 4faf653.
Thanks, Marek