On Sat, 27 Oct 2018 14:24:22 +0200
info at smallinnovations dot nl <info@???> wrote:

> Not my words although i agree fully with them:
> https://www.theregister.co.uk/2018/10/26/systemd_dhcpv6_rce/

"The overflow can be triggered relatively easy by advertising a DHCPv6
server with a server-id >= 493 characters long," Wilhelm noted.

They say: You must use systemd because sysvinit is soooooo old.

I say: You must use strncpy()/strncat() because strcpy()/strcat() are
soooooo old.


What's it been now, 30 years since the strn versions of those
commands have been around? You'd think they'd have taken that in and
adopted it by now. But nooooooooooooooooooooooooo!

Tip to Lennart: Make the size of the destination buffer a constant,
then use the command with the n, like the following example:

======================================================
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char * argv[]){
    const int BUFSIZE = 10;
    char * buf = malloc (sizeof(char*) * BUFSIZE);
    if(!buf) return 1;
    strncpy(buf, "antidisestablishmentianism", BUFSIZE);
    buf[BUFSIZE - 1] = '\0'; //In case no nullbyte at end
    printf(buf);
    free(buf);
    return 0;
}
======================================================

SteveT

Steve Litt
September 2018 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz