Does Range Checking Help? strncpy(char *dest,const char *src,size t n) -If strncpy is used instead of strcpy,no more than n characters will be copied from *src to *dest Programmer has to supply the right value ofn Potential overflow in htpasswd.c (Apache 1.3): strcpy(record,user); strcat (record,":"); Copies username("user")into buffer("record"), strcat (record,cpw)i then appends“.”and hashed password('cpw') Published“fix”(do you see the problem?): strncpy (record,user,MAX STRING LEN-1); strcat(record,":"); strncat (record,cpw,MAX STRING LEN-1);... 1010 strncpy(char *dest, const char *src, size_t n) ─ If strncpy is used instead of strcpy, no more than n characters will be copied from *src to *dest ● Programmer has to supply the right value of n Potential overflow in htpasswd.c (Apache 1.3): … strcpy(record,user); strcat(record,”:”); strcat(record,cpw); … Published “fix” (do you see the problem?): … strncpy(record,user,MAX_STRING_LEN-1); strcat(record,”:”); strncat(record,cpw,MAX_STRING_LEN-1); … Does Range Checking Help? Copies username (“user”) into buffer (“record”), then appends “:” and hashed password (“cpw”)