Date: Thu, 31 May 2001 13:35:52 -0600 From: Warner Losh <imp@harmony.village.org> To: David Malone <dwmalone@maths.tcd.ie> Cc: Kris Kennaway <kris@obsecurity.org>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/gen setproctitle.3 syslog.3 src/lib/libc/stdio printf.3 Message-ID: <200105311935.f4VJZqE94063@harmony.village.org> In-Reply-To: Your message of "Thu, 31 May 2001 20:13:26 BST." <20010531201326.A68855@walton.maths.tcd.ie> References: <20010531201326.A68855@walton.maths.tcd.ie> <200105252042.f4PKgfu84635@freefall.freebsd.org> <20010526004601.2109A3E2F@bazooka.unixfreak.org> <20010530172131.A60056@FreeBSD.org> <20010530182822.A79068@xor.obsecurity.org> <200105311537.LAA23815@khavrinen.lcs.mit.edu> <20010531115418.B96927@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010531201326.A68855@walton.maths.tcd.ie> David Malone writes:
: On Thu, May 31, 2001 at 11:54:18AM -0700, Kris Kennaway wrote:
: > On Thu, May 31, 2001 at 11:37:31AM -0400, Garrett Wollman wrote:
: > > <<On Wed, 30 May 2001 18:28:22 -0700, Kris Kennaway <kris@obsecurity.org> said:
: > >
: > > > things like how to use strncpy() properly
: > >
: > > Mostly, ``don't.'' In almost every case where you think you might
: > > want to use strncpy(), strncat() is -- despite its name -- the correct
: > > function to use.
: >
: > Not Helpful.
: >
: > People use the function and will do so forever, so we should explain
: > how to use it correctly.
:
: AFAIK: strn{cpy,cat} are designed for working on strings which are
: stored in fixed sized storage (such as those in struct utmp). These
: are not the same as "normal" C strings as they are only nul terminated
: if the string is smaller than the storage space. Using strn{cpy,cat}
: on normal C strings is just too fiddley to get right all the time.
:
: In most cases the functions that do what people want are snprintf
: (which is in C99) or the strl{cpy,cat} (which atleast *BSD have?).
: I dunno what Posix or SUSv? say about these functions.
You use strn{cat,cpy} correctly by using them *ONLY* for fixed
strings. All other bufer overflow protected thigns should use
strl{cpy,cat}. Full stop. We should not encourage people to kludge
them for the fixed size buffer case, which is subtly different from
the fixed length string case.
strl* I think are not standard, but they are useful enough that they
should be :-)
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105311935.f4VJZqE94063>