Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks

Patrick Schluter Patrick.Schluter at bbox.fr
Wed Dec 9 08:52:10 UTC 2020


On Wednesday, 9 December 2020 at 08:26:35 UTC, Patrick Schluter 
wrote:
> On Wednesday, 2 December 2020 at 17:52:29 UTC, H. S. Teoh wrote:
>>[...]
>
> The only sin of strncpy() is its name. The problem is that 
> people think it is a string function (even you fell for it), 
> but it never was a string function, it is a buffer function and 
> a mem*/buf* prefix would have gone a long way to avoid its 
> misuse as a string function. Beyond its truncation feature, it 
> has a second functionality that most people do not know and 
> that makes it definitely different from the string function, it 
> overwrites the whole buffer with 0 to the end of it, making it 
> often a performance hog:
>
> [...]
Simplest implementation of strncpy

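     #include <string.h>  /* memset, memcpy, strlen */

     char *strncpy(char *dest, const char *src, size_t n)
     {
       size_t len = strlen(src);
       memset(dest, 0, n);                   /* zero-fill the whole buffer */
       memcpy(dest, src, len < n ? len : n); /* no terminator when len >= n */
       return dest;
     }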

Checking the man on Linux does perpetuate the error. strncpy() is 
joined with strcpy(), which is wrong imo. As my implementation 
above shows, strncpy() is semantically closer to memcpy() than to 
strcpy().
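
The two behaviours described in this message (zero-filling the rest of the buffer, and leaving no terminator when the source fills it) can be observed with the C library's own strncpy(). This is an added example, not part of the original post; FIELD, pads_with_zeros(), leaves_unterminated() and copy_string() are hypothetical names, and copy_string() is one assumed way to get string semantics with truncation reporting.

```c
#include <stdio.h>
#include <string.h>

#define FIELD 8  /* constructed field width for the demonstration */

/* Returns 1 if strncpy() zero-filled every byte of the field after src. */
int pads_with_zeros(const char *src)
{
    char field[FIELD];
    size_t len = strlen(src);

    memset(field, 'X', sizeof field);      /* poison so padding is visible */
    strncpy(field, src, sizeof field);
    for (size_t i = len; i < sizeof field; i++)
        if (field[i] != '\0')
            return 0;
    return 1;
}

/* Returns 1 if the field holds no terminator after strncpy(). */
int leaves_unterminated(const char *src)
{
    char field[FIELD];

    memset(field, 'X', sizeof field);
    strncpy(field, src, sizeof field);
    return memchr(field, '\0', sizeof field) == NULL;
}

/* Hypothetical string-safe copy: always terminates dest when n > 0;
 * returns 0 on a full copy, -1 if src was truncated. */
int copy_string(char *dest, size_t n, const char *src)
{
    size_t len = strlen(src);

    if (n == 0)
        return -1;
    if (len >= n) {
        memcpy(dest, src, n - 1);
        dest[n - 1] = '\0';
        return -1;
    }
    memcpy(dest, src, len + 1);            /* includes the terminator */
    return 0;
}

int main(void)
{
    char out[FIELD];
    int rc = copy_string(out, sizeof out, "abcdefghij");

    printf("padded=%d unterminated=%d rc=%d out=\"%s\"\n",
           pads_with_zeros("ab"), leaves_unterminated("abcdefghij"), rc, out);
    return 0;
}
```

Passing a field filled by strncpy() from an over-long source to strlen() or printf("%s") reads past the end of the buffer, which is why callers that want a string need the explicit terminator and truncation check.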

