Re: proper way to determine string length

---

• From: gordonb.d2wk3@xxxxxxxxxxx (Gordon Burditt)
• Date: Sun, 17 Dec 2006 19:25:44 -0000

---

But if that's the case, i can't quite grasp the fact that there would
be so much problems with programmers forgetting to null terminate a
string. Or is that just me ?

If you call read() or fread() the buffer is not guaranteed to be
null-terminated (and it usually won't be, unless you've placed a
null just beyond the end of the buffer). If you copy something
with strncpy() to fit into a limited-size destination field and
prevent buffer overflow, the result is not guaranteed to be
null-terminated if the input could have been at or over the max
length. If you take the address of a character to make a one-character
string, it probably won't be null-terminated and will probably
consist of more than one character.

I don't see that there are "so much problems with programmers
forgetting to null terminate a string" unless you're going to try
to turn every buffer overflow (which IS a big problem) involving
strings into a null-termination problem. Many times there *is* a
string termination, it's just way beyond the end of the buffer (and
it may get clobbered later). Most buffer overflows are caused by
failing to include any logic to limit the size of the input (e.g.
using the evil gets()) and just assuming nobody will do anything
stupid or evil. That's the root cause. A quarter-assed fix will
limit the size of the input (e.g. copy it with strncpy()) but forget
the null termination.

.

---

• References:
  • proper way to determine string length
    • From: atv
  • Re: proper way to determine string length
    • From: atv
  • Re: proper way to determine string length
    • From: Barry Margolin
  • Re: proper way to determine string length
    • From: atv

• Prev by Date: Re: BSD sockets: recv with MSG_WAITALL should return EWOULDBLOCK?
• Next by Date: Re: BSD sockets: recv with MSG_WAITALL should return EWOULDBLOCK?
• Previous by thread: Re: proper way to determine string length
• Next by thread: managing tcp fd between parent and child process.
• Index(es):
  • Date
  • Thread

---

Relevant Pages I dont mind bug: BinToHex implementation/description do not match ! ... The BinToHex procedure occurding to Delphi's help would return a 'null' ... to terminate it with a #0 in the first place. ... Call BinToHex to convert the binary value in a buffer into a string that is ... Buffer is a buffer of bytes that contains the binary value. ... (alt.comp.lang.borland-delphi) Re: I dont mind bug: BinToHex implementation/description do not match ! ... assigning it to another string you may see this problem. ... > forgets to add a null terminated character. ... > to terminate it with a #0 in the first place. ... > Buffer is a buffer of bytes that contains the binary value. ... (alt.comp.lang.borland-delphi) Re: Linux Security ... >> did you terminate the string you stacked with a newline character? ... >> address of the stack, which is what I presume you passed it. ... > work in a buffer overflow, and what I need to do in order to be able ... (comp.os.linux.security) Re: perl fileio ... $buffer is null-terminated inside of perl, ... The PV slot is a pointer to the underlying C string which needs to have ... null-termination). ... (comp.lang.perl.misc) RE: Help converting Buffer of Bytes to string ... You can Null terminate a byte array by ... > What is the best way of adding a null to a Buffer of Bytes. ... >> I note that you can null teminate a string by adding controlchar.null. ... (microsoft.public.dotnet.languages.vb)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)