On 13/12/13 16:30, Richard Ipsum wrote:
On 13/12/13 15:10, Ben Brown wrote:
> + if (strlen(argv[1]) >= sizeof(sock.sun_path)) {
> + fprintf(stderr, "%s: file name too long\n", argv[0]);
> + return EXIT_FAILURE;
> + }
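Review bot: no argc check is visible before argv[1] is dereferenced in the strlen() call; make sure `argc >= 2` has already been verified, otherwise running the program with no arguments passes a NULL pointer to strlen(). The `>=` comparison itself is correct: strlen() excludes the terminator, so the longest accepted name is sizeof(sock.sun_path) - 1 characters and the following strcpy writes at most sizeof(sock.sun_path) bytes including the NUL. Consider including the limit in the error message (e.g. "file name too long (max %zu)") so the user knows what fits.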
This looks much better now that it has argv[0].
One thing to note about that comparison: strlen doesn't include the
null-terminator. So in the case that argv[1] == sizeof(sock.sun_path),
strcpy copies everything in src including the null-terminator, so
sock.sun_path will overflow by 1.
I know I suggested the use of strcpy instead of strncpy, I still do.
With strncpy you wouldn't have had the buffer overflow but you would have
had a string in sock.sun_path that wasn't null-terminated.
Isn't C wonderful... :p
Oops, no it's completely fine isn't it, looks like I need to be more
careful, sorry. :)
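The boundary discussed in this thread, worked through as an added example (not code from the patch or from either poster): set_sun_path() is a hypothetical helper that applies the same `strlen(...) >= sizeof(sun_path)` check before strcpy, and the two length-parameterised helpers construct names of exactly n characters to show which lengths are accepted and why strncpy would have left the path unterminated at the same boundary.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Hypothetical helper (not from the patch): copy a socket path into
 * sun_path using the same check the patch uses.  Returns 0 on success
 * and -1 when the name would not fit together with its NUL terminator. */
int set_sun_path(struct sockaddr_un *sock, const char *name)
{
    size_t len = strlen(name);   /* does not count the NUL */

    /* ">=" is the right comparison: len == sizeof(sun_path) - 1 is the
     * longest name that still leaves one byte for strcpy's terminator. */
    if (len >= sizeof(sock->sun_path))
        return -1;

    memset(sock, 0, sizeof(*sock));
    sock->sun_family = AF_UNIX;
    strcpy(sock->sun_path, name);   /* writes len + 1 <= sizeof(sun_path) bytes */
    return 0;
}

/* Size of sun_path on this platform (108 on Linux, 104 on the BSDs/macOS). */
size_t sun_path_capacity(void)
{
    return sizeof(((struct sockaddr_un *)0)->sun_path);
}

/* Constructed input: a name of exactly n 'a' characters, NUL-terminated. */
static int make_name(char *buf, size_t bufsize, size_t n)
{
    if (n >= bufsize)
        return -1;
    memset(buf, 'a', n);
    buf[n] = '\0';
    return 0;
}

/* Result of set_sun_path() for a constructed name of n characters. */
int accept_name_of_length(size_t n)
{
    struct sockaddr_un sock;
    char name[512];

    if (make_name(name, sizeof(name), n) != 0)
        return -1;
    return set_sun_path(&sock, name);
}

/* The strncpy alternative: copy an n-character name with strncpy and
 * report whether a NUL ended up anywhere inside sun_path.  For
 * n == sizeof(sun_path) every byte is data and there is no terminator. */
int strncpy_terminates_length(size_t n)
{
    struct sockaddr_un sock;
    char name[512];

    if (make_name(name, sizeof(name), n) != 0)
        return -1;
    strncpy(sock.sun_path, name, sizeof(sock.sun_path));
    return memchr(sock.sun_path, '\0', sizeof(sock.sun_path)) != NULL;
}

int main(void)
{
    size_t cap = sun_path_capacity();

    printf("sun_path holds %zu bytes\n", cap);
    printf("name of %zu chars: %s\n", cap - 1,
           accept_name_of_length(cap - 1) == 0 ? "accepted" : "rejected");
    printf("name of %zu chars: %s\n", cap,
           accept_name_of_length(cap) == 0 ? "accepted" : "rejected");
    printf("strncpy of %zu chars leaves a NUL: %d\n", cap,
           strncpy_terminates_length(cap));
    printf("strncpy of %zu chars leaves a NUL: %d\n", cap - 1,
           strncpy_terminates_length(cap - 1));
    return EXIT_SUCCESS;
}
```

The helpers build their inputs internally so the boundary cases can be checked without any real socket; the point is that the patch's check rejects exactly the length at which strcpy would have written one byte past sun_path, and that strncpy at that same length silently drops the terminator instead.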