Date: Thu, 17 Jun 2004 21:13:29 -0700
From: Tim
Subject: Re: [Qemu-devel] [PATCH] Security house-cleaning
Message-ID: <20040618041329.GA1920@sentinelchicken.org>
To: qemu-devel@nongnu.org

> nooooope, strcpy has no way of knowing how big the buffer is other than
> what you tell it. It's likely that all (or most) of the buffers that are
> strcpy'd to are initialised to zero / .bss so it doesn't matter in
> reality, but better safe than sorry. What if some buffer is moved to
> stack later, that would expose the latent bug.

Oh... you are right. It only pads with nulls if the src string is shorter
than the length argument.

I'll fix those and submit a new version in a day or two.

thanks,
tim
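
The behaviour acknowledged in the message above, shown as an added C example that is not part of the original message or of the QEMU patch: strncpy pads with NULs only when the source is shorter than the length argument, so a source of equal or greater length leaves the buffer unterminated. The 8-byte buffer, the 'X' fill standing in for stale stack contents, and the helper names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8   /* illustrative size, not taken from the patch */

/* Returns 1 if buf[0..len-1] contains a NUL terminator, else 0. */
static int is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Bare strncpy into a buffer that holds stale non-zero bytes, as a
 * stack buffer can (unlike zero-initialised .bss).
 * Returns 1 if the result is NUL-terminated within the buffer. */
static int raw_strncpy_terminated(const char *src)
{
    char buf[BUF_LEN];
    memset(buf, 'X', sizeof(buf));      /* simulate stale stack contents */
    strncpy(buf, src, sizeof(buf));     /* pads only if src is shorter */
    return is_terminated(buf, sizeof(buf));
}

/* Bounded copy that always terminates dst.
 * Returns 1 if src did not fit and was truncated, else 0. */
static int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    if (dst_len == 0)
        return 1;
    strncpy(dst, src, dst_len - 1);
    dst[dst_len - 1] = '\0';            /* terminate regardless of src length */
    return strlen(src) >= dst_len;
}

int main(void)
{
    char buf[BUF_LEN];
    int truncated;

    memset(buf, 'X', sizeof(buf));
    printf("short source terminated: %d\n", raw_strncpy_terminated("abc"));
    printf("long source terminated:  %d\n", raw_strncpy_terminated("abcdefghijkl"));
    truncated = copy_bounded(buf, sizeof(buf), "abcdefghijkl");
    printf("bounded copy: truncated=%d result=\"%s\"\n", truncated, buf);
    return 0;
}
```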