From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <51AF3F6A.8000605@gmx.de> Date: Wed, 5 Jun 2013 15:38:50 +0200 From: Friedrich Psiorz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6 MIME-Version: 1.0 To: 9fans@9fans.net References: <03dd9a6798effc7cf713d579f6bbc0e6@isd.dp.ua> <636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com> In-Reply-To: <636BFA64-E5C9-417C-AD9E-E6BCEAACB02B@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [9fans] lpdaemon Topicbox-Message-UUID: 63af8eaa-ead8-11e9-9d60-3106f5b1d025 I think your code is wrong. If the NUL byte is present, it doesn't do anything, however if it is not there, strlen will read more than it should, and possibly try to read some invalid address. In case info.host is a fixe size array, a simple info.host[sizeof info.host - 1] = 0; would do. Am 05.06.2013 15:13, schrieb Don Bailey: > The first opportunity to write a nil byte should always be taken. Using sizeof only means that in corner cases memory disclosure may occur between where the nil should be and the end of the array. While this isn't a security critical app, it is still good coding practice. > > x = strlen(info.host) < sizeof info.host ? strlen() : sizeof ; > info.host[x] = 0; > > D >