...
This solution is still problematic in that a buffer overflow will occur if the null-terminated byte string referenced by msg is longer than 17 bytes, including the null terminator. The solution also uses a "magic number," which should be avoided (see DCL06-C. Use meaningful symbolic constants to represent literal values in program logic).
Compliant Solution
In this solution, the magic number is abstracted and the buffer overflow is eliminated.
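The following sketch is an added illustration, not the code from the original page. It assumes a 24-byte buffer and an "Error: " prefix (which together give the 17-byte limit stated above); the names report_error_unsafe, format_error, report_error, MAX_BUFFER and ERROR_PREFIX are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumed values: the page does not show the buffer or the prefix.
 * A 24-byte buffer minus the 7-character "Error: " prefix leaves
 * 17 bytes for msg, including its null terminator. */
enum { MAX_BUFFER = 24 };
static const char ERROR_PREFIX[] = "Error: ";

/* Hypothetical "before" form, for contrast: literal 24, unbounded sprintf. */
void report_error_unsafe(const char *msg) {
    char buffer[24];
    sprintf(buffer, "Error: %s", msg); /* overflows if strlen(msg) + 1 > 17 */
    puts(buffer);
}

/* Bounded formatting into out (out_size bytes).
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error. */
int format_error(char *out, size_t out_size, const char *msg) {
    int n;
    if (out == NULL || out_size == 0 || msg == NULL) {
        return -1;
    }
    n = snprintf(out, out_size, "%s%s", ERROR_PREFIX, msg);
    if (n < 0) {
        return -1;
    }
    /* snprintf returns the length it wanted to write, excluding the terminator */
    return ((size_t)n >= out_size) ? 1 : 0;
}

/* Symbolic constant sizes the buffer; sizeof passes the same bound along. */
int report_error(const char *msg) {
    char buffer[MAX_BUFFER];
    int rc = format_error(buffer, sizeof buffer, msg);
    if (rc >= 0) {
        puts(buffer);
    }
    return rc;
}

int main(void) {
    /* Constructed inputs: 16 characters fit, 17 characters are truncated. */
    report_error("0123456789abcdef");
    report_error("0123456789abcdefg");
    return 0;
}
```

Returning a distinct value on truncation lets the caller decide whether a clipped message is acceptable or should be handled as an error.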
...