[Gllug] C function strcasecmp

home at alexhudson.com
Fri Jul 20 15:50:01 UTC 2001


On Fri, Jul 20, 2001 at 04:03:12PM +0100, David Spencer wrote:
> strn(anything) doesn't protect you from buffer overflows; by the time
> you're comparing text you've usually already read the text into the
> buffer that's just overflowed.  Checking the size of text in the edit
> box (or whatever) _before_ reading the text into an appropriately sized
> buffer is what protects you from buffer overflows.

I'm not sure how a non-destructive comparison can cause a buffer overflow,
or how you could compare two strings without knowing their length with
strncasecmp :), but even so, you are worried about segfaults I s'pose.

strn.. doesn't _protect_ you, but it enables you to write functions which
don't overflow buffers, so long as you are capable of reading man pages
(which most programmers can't.... witness strlcat, etc... :( )

Cheers,

Alex.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
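
An added illustration of the two points made in this thread, not code from either poster: the length is checked before any byte is copied into the buffer, and the strn* calls are used with the limits their man pages describe. The function names are hypothetical and the inputs are constructed.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Copy srclen bytes of untrusted input into dst only if they fit together
 * with a terminating NUL. The length check happens before any byte is
 * written. Returns 0 on success, -1 if the input is too long (dst is then
 * left as an empty string). */
int store_field(char *dst, size_t dstsz, const char *src, size_t srclen)
{
    if (dstsz == 0)
        return -1;
    if (srclen >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 0;
}

/* Case-insensitive match of a length-delimited field (not necessarily
 * NUL-terminated) against a keyword. strncasecmp is bounded by len, so it
 * never reads past the field, but it only compares the first len bytes:
 * the explicit length test stops "QUI" from matching "quit". */
int field_equals(const char *field, size_t len, const char *keyword)
{
    if (len != strlen(keyword))
        return 0;
    return strncasecmp(field, keyword, len) == 0;
}

/* A man-page detail: strncpy(dst, src, n) writes no NUL when src holds n or
 * more bytes. Returns 1 if dst is terminated within its n bytes, else 0. */
int strncpy_terminated(char *dst, const char *src, size_t n)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}
```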



