[GRASS5] str*() vs strn*() functions

Brad Douglas rez at touchofmadness.com
Fri Aug 26 21:35:47 EDT 2005


On Sat, 2005-08-27 at 02:14 +0100, Glynn Clements wrote:
> Brad Douglas wrote:
> 
> > > > Specifying the string length has security benefits.
> > > 
> > > What is the problem with using strcmp specifically?
> > 
> > Buffer overflow attacks.
> 
> I think you're getting confused with strcpy/strncpy. strcmp only reads
> the strings, it doesn't write anything so it can't cause a buffer
> overflow.

You are correct.  Thank you for the reminder.


-- 
Brad Douglas <rez at touchofmadness.com>




More information about the grass-dev mailing list