Date: Thu, 15 Jul 1999 17:32:18 -0700 From: Mike Smith <mike@smith.net.au> To: Warner Losh <imp@village.org> Cc: Mike Smith <mike@smith.net.au>, freebsd-hackers@FreeBSD.ORG Subject: Re: OpenBSD's strlcpy(3) and strlcat(3) Message-ID: <199907160032.RAA02110@dingo.cdrom.com> In-Reply-To: Your message of "Thu, 15 Jul 1999 18:32:22 MDT." <199907160032.SAA01282@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <199907160023.RAA02029@dingo.cdrom.com> Mike Smith writes: > : I still think this is the wrong way to deal with the problem. 8) > > We mildly disagree here. The strl* functions are the end all, be all > of security. They are just designed to make the existing code that > uses static buffers easy to make more robust w/o radically altering > that code. > > Of course, strings have always been weak in 'C'. You make them static > and they overflow. You malloc them, and often people forget to free > them later leading to other problems... With the addition of a "not" in your first paragraph, I actually think we're in agreement here. I'm just maintaining that in most of the in-tree cases where static buffers are used, a dynamic buffer would have been a better design choice; you might want to disagree there too of course. 8) Regardless, we should definitely adopt these functions for no other reason than portability, no argument there. -- \\ The mind's the standard \\ Mike Smith \\ of the man. \\ msmith@freebsd.org \\ -- Joseph Merrick \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907160032.RAA02110>