[GRASS5] str*() vs strn*() functions
rez at touchofmadness.com
Fri Aug 26 05:57:28 EDT 2005
On Fri, 2005-08-26 at 10:18 +0100, Paul Kelly wrote:
> On Fri, 26 Aug 2005, Brad Douglas wrote:
> > Is there any particular reason there has been a recent move from using
> > strn*() functions to using str*() functions?
> It was a bugfix: with strncmp it was returning a match if one string was
> shorter than the other but matched the first n characters. We needed to
> match the whole string.
Is this a comparison of two strings of arbitrary length or is the source
string known? Do you have an example of where it failed to work
properly? I'm curious.
> > Specifying the string length has security benefits.
> What is the problem with using strcmp specifically?
Buffer overflow attacks.
> I had a think about it and couldn't think of any reason not to use strcmp(),
> so I changed some occurrences of strncmp() I had added in the past (blindly
> following the way it was done in other parts of the proj library).
I found a short article detailing the problem for anyone interested:
It isn't a huge deal, but it is something to be aware of.
Brad Douglas <rez at touchofmadness.com>
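
Added example, not part of the original message or of the GRASS source: a C sketch of the prefix-match behaviour described in the thread, next to a comparison that matches the whole string while still honouring a buffer bound. The function names and the "utm" sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Prefix-style comparison as described in the thread: n is taken from one
 * operand, so a shorter key matches any longer string that starts with it. */
int prefix_match(const char *name, const char *key)
{
    return strncmp(name, key, strlen(key)) == 0;
}

/* Whole-string comparison that still respects a buffer bound.
 * buf need not be NUL-terminated within cap bytes; key must be a proper
 * C string. Returns 1 only if buf holds exactly key, terminator included. */
int bounded_equal(const char *buf, size_t cap, const char *key)
{
    size_t klen = strlen(key);
    const char *nul = memchr(buf, '\0', cap);   /* never reads past cap */

    if (nul == NULL)                 /* unterminated buffer: not a match */
        return 0;
    if ((size_t)(nul - buf) != klen) /* lengths differ: not the same string */
        return 0;
    return memcmp(buf, key, klen) == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the GRASS source. */
    const char unterminated[4] = { 'u', 't', 'm', 'x' };

    printf("prefix_match(\"utm_zone\", \"utm\") = %d\n",
           prefix_match("utm_zone", "utm"));
    printf("strcmp(\"utm_zone\", \"utm\") == 0   = %d\n",
           strcmp("utm_zone", "utm") == 0);
    printf("bounded_equal(\"utm\")            = %d\n",
           bounded_equal("utm", 4, "utm"));
    printf("bounded_equal(\"utm_zone\")       = %d\n",
           bounded_equal("utm_zone", 9, "utm"));
    printf("bounded_equal(unterminated)     = %d\n",
           bounded_equal(unterminated, sizeof unterminated, "utm"));
    return 0;
}
```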