Subject: Re: gzip buffer overflow found
To: None <current-users@netbsd.org>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 01/24/2001 12:55:41
In message <20010124185038.37CD55@proven.weird.com>, Greg A. Woods writes:
>These days I'm pretty sure it's still mandated by the ISO C standard.

Yes.

>don't have a copy of the standard, but each of K&R (2nd edition),
>Harbison&Steele, and the 4BSD manual pages (which claim ANSI X3.159-1989
>conformance for strcpy() and strncpy()) explicitly state that strncpy
>always copies `n' characters to the destination, padding with '\0' chars
>if the source was less than `n' characters (and of course not
>terminating the destination at all if the source is longer than `n'
>characters).

Yes.  This is why it sucks.  :)

-s
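
Added example, not part of the original message: a small C program that makes the strncpy() behaviour described in the quoted text observable (NUL padding for a short source, no terminator when the source is `n` characters or longer), next to a bounded copy that always terminates and reports truncation. The helper names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* 1 if strncpy(buf, src, n) left a '\0' somewhere in buf[0..n-1], else 0. */
static int strncpy_terminates(const char *src, size_t n)
{
    char buf[64];
    if (n > sizeof buf) n = sizeof buf;
    memset(buf, 'X', sizeof buf);        /* sentinel fill: stale bytes are visible */
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Number of '\0' bytes strncpy wrote into an n-byte destination. */
static size_t padding_written(const char *src, size_t n)
{
    char buf[64];
    size_t i, zeros = 0;
    if (n > sizeof buf) n = sizeof buf;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, n);
    for (i = 0; i < n; i++)
        if (buf[i] == '\0') zeros++;
    return zeros;
}

/* Hypothetical helper: always terminates dst; 0 on success, -1 if truncated. */
static int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (dstsize == 0) return -1;          /* no room even for the terminator */
    if (len >= dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;                        /* caller must treat this as an error */
    }
    memcpy(dst, src, len + 1);            /* includes the terminator */
    return 0;
}

int main(void)
{
    char d[8];
    printf("short source:  terminated=%d padding=%zu\n",
           strncpy_terminates("gzip", 8), padding_written("gzip", 8));
    printf("exact-fit:     terminated=%d\n", strncpy_terminates("12345678", 8));
    printf("long source:   terminated=%d\n", strncpy_terminates("a-long-file-name", 8));
    printf("copy_bounded:  rc=%d dst=\"%s\"\n",
           copy_bounded(d, sizeof d, "a-long-file-name"), d);
    return 0;
}
```

The exact-fit case is the one that tends to slip through review: a source of exactly `n` characters fills the destination and leaves it unterminated, so any later strlen() or `%s` on that buffer reads past its end.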