From mboxrd@z Thu Jan 1 00:00:00 1970
From: dave at horsfall.org (Dave Horsfall)
Date: Wed, 13 Nov 2019 12:11:56 +1100 (EST)
Subject: [COFF] [TUHS] buffer overflow (Re: Happy birthday Morris worm
In-Reply-To:
References: <1573592179.5935.for-standards-violators@oclsc.org> <20191112221053.C2009156E80B@mail.bitblocks.com>
Message-ID:

(Narrowly diverted in time to COFF from TUHS when I saw Warren's email, so I hope Warner is on it.)

On Tue, 12 Nov 2019, Warner Losh wrote:

> POSIX can't even recognize that leap seconds exist :(

There's a movement afoot to abolish leap seconds because they are "inconvenient" or something; that will upset the astronomers and other people who care about the exact time.

> All is not lost, though; use strncpy() instead of strcpy() etc.
>
> strncpy has two issues. First, it doesn't guarantee NUL termination.
> Second, it always writes N bytes. It's for a fixed width data field, not
> a variable length string whose buffer size is known. strlcpy is much
> better, but still has some issues...

Yeah, I knew about the NUL termination (or lack of it) - I didn't think to mention it. When I use it, I copy n-1 bytes and plant the NUL in there myself (depending on how I'm using it).

And I wasn't aware of strlcpy() - thanks. Too many functions to keep track of these days....

Trivia: curious to see how Australia's "talking clock" (long gone in favour of NTP, alas) handled the leap second, I recorded it (it puts a gap before the last beep). It can be heard (and seen!) over on www.horsfall.org/leapsecond.webm . And yes, that old long-haired hippie is me...

-- Dave
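
The two strncpy() behaviours raised in this message, shown next to the "copy n-1 and plant the NUL" idiom, as an added example that is not part of the original e-mail. `bounded_copy()` is a hypothetical helper with strlcpy()-like semantics (strlcpy() itself is not available in every libc), and the 8-byte field and input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical strlcpy()-like helper: always NUL-terminates when
 * dstsize > 0 and returns strlen(src); result >= dstsize means truncated. */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The idiom from the message; assumes dstsize > 0. */
void copy_n_minus_1(char *dst, const char *src, size_t dstsize)
{
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
}

/* Issue 1: source fills the field, so no terminator is written. */
int strncpy_leaves_unterminated(void)
{
    char field[8];
    memset(field, 'X', sizeof field);
    strncpy(field, "ABCDEFGHIJ", sizeof field);
    return memchr(field, '\0', sizeof field) == NULL;
}

/* Issue 2: a short source is NUL-padded out to the full n bytes.
 * Counts the padding bytes written after the 2-byte string "ab". */
size_t strncpy_pad_count(void)
{
    char field[8];
    size_t zeros = 0;
    memset(field, 'X', sizeof field);
    strncpy(field, "ab", sizeof field);
    for (size_t i = 2; i < sizeof field; i++)
        zeros += (field[i] == '\0');
    return zeros;
}

int main(void)
{
    char buf[8];
    size_t need = bounded_copy(buf, "ABCDEFGHIJ", sizeof buf);
    printf("unterminated=%d pad=%zu copy=\"%s\" truncated=%d\n",
           strncpy_leaves_unterminated(), strncpy_pad_count(), buf,
           need >= sizeof buf);
    return 0;
}
```

Unlike the n-1 idiom, the return value of `bounded_copy()` lets the caller detect truncation instead of silently accepting a shortened string.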