"Secure coding" audit checkers and Kerberos
Love Hörnquist Åstrand
lha at apple.com
Tue Oct 14 21:50:57 EDT 2008
14 okt 2008 kl. 18:06 skrev ghudson at mit.edu:
> * Instead of strcpy or strcat, use memcpy. Remember to ensure that
> the string is terminated if you are not copying a terminator.
use strlcpy and provide wrapper functions for those that misses it
use strlcat and provide wrapper functions for those that misses it
important, check for string truncation with both strlcat and strlcpy
since that is also a security problem.
Using memcpy to copy strings are just backward.
More information about the krbdev