Talkback for article: 190, May2001

Security holes

From: Frank [ date: 2001-05-16 ]
Great article! But I think there is a mistake in your description
of the strncat function. Let me quote:
> Replacing strcat(buffer1, buffer2);
> with strncat(buffer1, buffer2, sizeof(buffer1)-1);
> eliminates the risk.
However, my system's man page for strncat(3) says:
> The strncat() function is similar [to strcat], except that only the
> first n characters of src [=buffer2] are appended to dest [=buffer1].
That means that the correct strncat call would be:
strncat(buffer1, buffer2, sizeof(buffer1)-1-strnlen(buffer1, sizeof(buffer1)-1));
Doing it this way should assure that buffer1 doesn't overflow,
but I haven't tested it.
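
The bound Frank gives above, worked through in C as an added example that is not part of the original talkback or the article. The helper names `bounded_append`, `article_bound_overflows` and `strncat_bytes_written` are hypothetical, the sample strings are constructed, and `memchr` stands in for `strnlen` for portability.

```c
#include <stdio.h>
#include <string.h>

/* Bytes strncat(dest, src, n) stores starting at dest's old terminator:
   at most n bytes of src plus the NUL it always adds. */
size_t strncat_bytes_written(const char *src, size_t n)
{
    size_t copy = strlen(src);
    return (copy > n ? n : copy) + 1;
}

/* Checks, without performing the write, whether the article's original
   bound sizeof(buffer1)-1 would store past the end of dest. */
int article_bound_overflows(const char *dest, size_t dest_size, const char *src)
{
    return strlen(dest) + strncat_bytes_written(src, dest_size - 1) > dest_size;
}

/* Appends with the remaining-space bound from the talkback.
   Returns 0 if src fit, 1 if it was truncated, -1 if dest has no NUL
   inside dest_size (strncat would then scan past the buffer). */
int bounded_append(char *dest, size_t dest_size, const char *src)
{
    const char *end = memchr(dest, '\0', dest_size); /* portable strnlen */
    if (end == NULL)
        return -1;
    size_t room = dest_size - 1 - (size_t)(end - dest);
    strncat(dest, src, room);
    return strlen(src) > room ? 1 : 0;
}

int main(void)
{
    char buffer1[16] = "user=";                    /* constructed sample */
    const char *buffer2 = "AAAAAAAAAAAAAAAAAAAA";  /* 20 bytes, constructed */

    printf("article bound overflows: %d\n",
           article_bound_overflows(buffer1, sizeof(buffer1), buffer2));
    int rc = bounded_append(buffer1, sizeof(buffer1), buffer2);
    printf("rc=%d len=%zu \"%s\"\n", rc, strlen(buffer1), buffer1);
    return 0;
}
```

The article's bound is only safe when buffer1 starts out empty; a return value of 1 from `bounded_append` means the input was cut short and the caller should decide whether a truncated string is acceptable.
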
From: Fred Raynal <pappy(at)> [ date: 2001-05-29 ]
Frank, I guess you just proved that cut/paste is a bad way to write an article ;-/
Of course, you are right and we made a mistake. Thanks for fixing it :)

The authors (ashamed)
From: G Salmon <fisher143(at)> [ date: 2003-04-25 ]
Are there any exploits out there that can successfully conduct buffer overflows against the Heap?

3 talkbacks in English