Buffer overflow in fread and strncpy in C++

I'm getting a buffer overflow case from AppScan for the below set of code. I'm not sure what is wrong in it. If someone could suggest a solution, that would be great. The common code is for all platforms.

int main()
{
   char* src = NULL;
   char* chenv = getenv("HOME");
   if (chenv == NULL || strlen(chenv) == 0)
       return -1;
   else
   {
       int len = strlen(chenv);
       src = new char[len+1];
       strncpy(src, chenv, len); // AppScan throws buffer overflow
       src[len+1]='\0';
   }
   FILE* fp;
   char content[4096];
   int len = 0;
   fp = fopen("filename.txt", "r");
   if(fp)
   {
       while( (len = fread(content, sizeof(char), sizeof(content), fp))> 0) // AppScan throws buffer overflow on content
       {
           docopy(content, len); // External function call.
       }
   }

   return 0;  
}

Instead of strncpy I tried using strdup() and the issue was solved. But the fread is still having the issue.
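A bounded form of the two operations in the question, as an added example that is not part of the original post. The names `copy_env` and `read_chunks` and the `sink` callback (standing in for the question's `docopy`) are hypothetical.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <functional>
#include <memory>

// Hypothetical helper: bounded copy of an environment variable.
// The buffer holds len + 1 bytes, so the last valid index is len.
// Index len + 1, as written in the question, is one byte past the allocation,
// and strncpy(dst, src, len) by itself leaves the copy unterminated.
std::unique_ptr<char[]> copy_env(const char* name) {
    const char* value = std::getenv(name);
    if (value == nullptr || value[0] == '\0')
        return nullptr;
    const std::size_t len = std::strlen(value);
    std::unique_ptr<char[]> dst(new char[len + 1]);
    std::memcpy(dst.get(), value, len);
    dst[len] = '\0';            // terminator goes at index len
    return dst;
}

// Hypothetical helper: read a file in fixed-size chunks.
// fread() never writes more than sizeof(buf) bytes here, but it does not
// NUL-terminate, so the consumer gets an explicit length and must not
// treat the chunk as a C string.
// Returns the total bytes delivered, or -1 on open/read error.
long read_chunks(const char* path,
                 const std::function<void(const char*, std::size_t)>& sink) {
    std::FILE* fp = std::fopen(path, "rb");
    if (fp == nullptr)
        return -1;
    char buf[4096];
    long total = 0;
    std::size_t n;              // size_t, not int: matches fread's return type
    while ((n = std::fread(buf, 1, sizeof(buf), fp)) > 0) {
        sink(buf, n);
        total += static_cast<long>(n);
    }
    const bool failed = std::ferror(fp) != 0;
    std::fclose(fp);            // the question's code never closes the file
    return failed ? -1 : total;
}
```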
