Date: Mon, 4 Nov 2013 21:31:58 -0800
From: John-Mark Gurney <jmg@funkthat.com>
To: Eitan Adler <eadler@FreeBSD.org>
Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org
Subject: Re: svn commit: r257646 - head/lib/libc/string
Message-ID: <20131105053158.GQ73243@funkthat.com>
In-Reply-To: <201311041905.rA4J5WT0097968@svn.freebsd.org>
References: <201311041905.rA4J5WT0097968@svn.freebsd.org>

Eitan Adler wrote this message on Mon, Nov 04, 2013 at 19:05 +0000:
> Author: eadler
> Date: Mon Nov 4 19:05:31 2013
> New Revision: 257646
> URL: http://svnweb.freebsd.org/changeset/base/257646
>
> Log:
> Use OpenBSD's revamped description of strlcpy and strlcat.
>
> This explanation is supposed to be simpler and better. In particular
> "comparing it to the snprintf API provides lots of value, since it raises the
> bar on understanding, so that programmers/auditors will a better job calling
> all 3 of these functions."

Can we add a warning that it is not safe to just simply replace
strncpy with strlcpy? strncpy does something useful in that it NULs
out the remaining buffer, which when copying strings from/to kernel
buffers prevents information leaks, so I'd argue that strlcpy can be
used incorrectly just as strncpy can be...

Just a thought...

--
John-Mark Gurney Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."
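
The difference raised in the message above, as an added example that is not part of the original e-mail or of FreeBSD's sources: a fixed-size field holding stale data is filled three ways, and the bytes left behind past the terminator are counted. The helper names, the 16-byte field, the 'S' fill and the "em0" input are constructed for illustration; my_strlcpy is a local stand-in with strlcpy semantics so the block builds on systems whose libc lacks strlcpy.

```c
#include <stdio.h>
#include <string.h>

#define FIELD 16   /* hypothetical fixed-size field, e.g. a name in a struct */

/* Local stand-in with strlcpy semantics: copy, truncate, always terminate. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';           /* nothing after this byte is touched */
    }
    return len;
}

/* Count non-zero bytes after the terminator: data that would leak if the
 * whole field, rather than just the string, were copied to another domain. */
static size_t stale_bytes(const char *buf, size_t size)
{
    size_t used = 0, n = 0;
    while (used < size && buf[used] != '\0')
        used++;
    for (size_t i = used; i < size; i++)
        n += (buf[i] != '\0');
    return n;
}

enum copy_mode { USE_STRNCPY, USE_STRLCPY, USE_STRLCPY_ZEROED };

static size_t fill_field(enum copy_mode mode, const char *name)
{
    char field[FIELD];
    memset(field, 'S', sizeof(field));            /* constructed stale contents */
    if (mode == USE_STRNCPY) {
        strncpy(field, name, sizeof(field) - 1);  /* zero-pads the remainder */
        field[sizeof(field) - 1] = '\0';
    } else {
        if (mode == USE_STRLCPY_ZEROED)
            memset(field, 0, sizeof(field));      /* clear before copying */
        my_strlcpy(field, name, sizeof(field));
    }
    return stale_bytes(field, sizeof(field));
}

int main(void)
{
    printf("strncpy: %zu stale\n", fill_field(USE_STRNCPY, "em0"));
    printf("strlcpy: %zu stale\n", fill_field(USE_STRLCPY, "em0"));
    printf("zero + strlcpy: %zu stale\n", fill_field(USE_STRLCPY_ZEROED, "em0"));
    return 0;
}
```

When a strncpy call is replaced, the zero-fill it provided has to be kept some other way, such as clearing the whole destination first.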