Re: Stack growth direction to thwart buffer overflow attacks

From: Frank Cusack (fcusack_at_fcusack.com)
Date: 08/19/03


Date: Tue, 19 Aug 2003 06:42:55 -0700

And just to follow up again, after looking at the man page ...

On Tue, 19 Aug 2003 07:57:42 +0000 (UTC) phn@icke-reklam.ipsec.nu wrote:
> Quoting from FreeBSD's manpage for strncat(3) :
> LIBRARY
> Standard C Library (libc, -lc)
>
> SYNOPSIS
> #include <string.h>
>
> char *
> strcat(char *s, const char *append);
>
> char *
> strncat(char *s, const char *append, size_t count);
>
> DESCRIPTION
> The strcat() and strncat() functions append a copy of the null-terminated
> string append to the end of the null-terminated string s, then add a
> terminating `\0'. The string s must have sufficient space to hold the
> result.
>
> The strncat() function appends not more than count characters from
> append, and then adds a terminating `\0'.

How utterly idiotic. strncat appends up to count characters, PLUS ONE.
I don't have any reference handy (why is it always in "my other pants"?)
but I'll be surprised if that's how the C99 strncat works.

/fc
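
Added example, not part of the original post: a C program showing the behaviour the quoted man page describes, where strncat() writes up to count characters and then a terminating `\0`, so count has to be one less than the free space in the destination. `DST_SIZE`, `nul_index_after_strncat` and `bounded_append` are hypothetical names made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE 8   /* logical destination size; constructed for this example */

/* Index of the '\0' that strncat() writes when src is appended to prefix with
 * the given count. The arena is larger than DST_SIZE, so a write past the
 * logical end stays inside one array and can be observed safely. */
static size_t nul_index_after_strncat(const char *prefix, const char *src,
                                      size_t count)
{
    char arena[DST_SIZE * 4];

    memset(arena, 'X', sizeof arena);
    strcpy(arena, prefix);
    strncat(arena, src, count);
    return strlen(arena);
}

/* Hypothetical helper: append src to dst (dstsize bytes in total) without
 * writing outside dst. Returns 0 if src fit, 1 if it was truncated, and -1
 * if dst holds no terminator within dstsize bytes. */
static int bounded_append(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t room;

    if (end == NULL)
        return -1;
    room = dstsize - (size_t)(end - dst) - 1;  /* keep one byte for the '\0' */
    strncat(dst, src, room);
    return strlen(src) > room ? 1 : 0;
}

int main(void)
{
    const char *src = "0123456789";
    char dst[DST_SIZE] = "abc";

    /* count = free bytes: the '\0' lands at index DST_SIZE, one past the end */
    printf("count=free bytes   -> NUL at %zu\n",
           nul_index_after_strncat("abc", src, DST_SIZE - strlen("abc")));
    /* count = free bytes - 1: the '\0' lands on the last valid index */
    printf("count=free bytes-1 -> NUL at %zu\n",
           nul_index_after_strncat("abc", src, DST_SIZE - strlen("abc") - 1));
    printf("bounded_append -> %d, \"%s\"\n",
           bounded_append(dst, sizeof dst, src), dst);
    return 0;
}
```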