[linux-dvb] Re: Dangerous mix between C++ strings and C char arrays

[Nicolas Baradakis <nicolas.baradakis@prologin.org>]

Marcus Metzler writes: 
> > Note : I strongly recommand you to use strncpy() instead of strcpy(),
> > I would replace the last line with
> > 	
> > 	strncpy(path, str.str().data(), 256);  
> Ok, I'll have a look at that, it's probably more secure.
It _is_  more secure, and  without a doubt:  when the user  gives your
program a  pathname longer than 256  chars and you do  a strcpy(), you
have a buffer overflow. 

--
Nicolas Baradakis 

--
Info:
To unsubscribe send a mail to listar@linuxtv.org with "unsubscribe linux-dvb" as subject.