[Git][NTPsec/ntpsec][master] strncat isn't safe either
Hal Murray
gitlab at mg.gitlab.com
Thu Jan 31 06:17:19 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
fa584ec2 by Matt Selsky at 2019-01-31T05:50:08Z
strncat isn't safe either
- - - - -
1 changed file:
- devel/hacking.adoc
Changes:
=====================================
devel/hacking.adoc
=====================================
@@ -84,7 +84,7 @@ Here are the non-standardized APIs that may be used:
The following C99/POSIX functions are BANNED. They are unsafe, tending to
cause buffer overruns and (all too often) exploitable security holes:
-* strcpy, strncpy, strcat: Use strlcpy and strlcat instead.
+* strcpy, strncpy, strcat, strncat: Use strlcpy and strlcat instead.
* sprintf, vsprintf: use snprintf and vsnprintf instead.
* In scanf and friends, the %s format without length limit is banned.
* strtok: use strtok_r() or unroll this into the obvious loop.
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/fa584ec228b89d982c25392ece30af2ec72bdbb5
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/fa584ec228b89d982c25392ece30af2ec72bdbb5
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190131/4152b054/attachment.html>
More information about the vc
mailing list