[erlang-patches] [PATCH] erl_call: fix multiple buffer overflows

Michael Santos <>
Sun Aug 22 23:04:02 CEST 2010


On Sun, Aug 22, 2010 at 09:50:22PM +0200, Daniel N?ri wrote:

> Beware that strncpy (being broken by design) leaves off the
> terminating '\0' when the destination buffer isn't large enough, so
> you need to make sure that 'h_hostname' and 'host_name' are properly
> null-terminated here.

Thanks! You are right, of course. I was sure the final extra byte of
the buffer had been null terminated somewhere in the preceeding code ...

I'll send out an updated patch.

> Or see [*] for a better solution.
>
> [*] http://en.wikipedia.org/wiki/Strlcpy

strlcpy is cool, but unfortunately not so portable.

Thanks for catching that!



More information about the erlang-patches mailing list