Date: Sat, 19 Jan 2002 15:32:51 +0300 From: Yar Tikhiy <yar@FreeBSD.ORG> To: Valentin Nechayev <netch@iv.nn.kiev.ua> Cc: hackers@FreeBSD.ORG Subject: Re: strlcat manpage Message-ID: <20020119153251.C74381@comp.chem.msu.su> In-Reply-To: <20020111002221.A571@iv.nn.kiev.ua>; from netch@iv.nn.kiev.ua on Fri, Jan 11, 2002 at 12:22:21AM %2B0200 References: <20020111002221.A571@iv.nn.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Valentin, On Fri, Jan 11, 2002 at 12:22:21AM +0200, Valentin Nechayev wrote: > There was a fresh discussion in some maillists (security-audit, glibc-alpha) of > strlcpy() and strlcat() in context of possible inclusion to glibc. > Among others, the question was spoken that strlcat manpage contains a dark > moment of strlcat() return value. One should agree with affirmation that > strlcat() must not check characters after dst[size-1], the first reason > is that memory block can end here; but, James Antill reported that > Sun programmers lost their mind and checks full length of dst as a source > nul-terminated string. (I didn't check his report.) > In this context, I think the following patch should be applied to provide > explicit clarification of this moment and full accordance with source code. First, it's better to submit such fixes as FreeBSD Problem Reports, or they'll have a fair chance to get lost in the high volume of freebsd-hackers. Second, the strlcat(3) manpage language has already been improved with respect to this issue. The upcoming 4.5-RELEASE will contain the corrected manpage. Thank you for your effort. [Not removind freebsd-hackers from CC to show to the world such messages won't be just ignored here :-) ] -- Yar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020119153251.C74381>