Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Aug 2004 13:03:23 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        "Thordur Ivar B." <thib@mi.is>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Where is strnlen() ?
Message-ID:  <20040811200323.GA37059@xor.obsecurity.org>
In-Reply-To: <20040811193254.6f0be2c2.thib@mi.is>
References:  <20040811193254.6f0be2c2.thib@mi.is>

next in thread | previous in thread | raw e-mail | index | archive | help

--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 11, 2004 at 07:32:54PM +0000, Thordur Ivar B. wrote:
> While porting software from a friend wich was developed under Linux, I st=
umbled
> upon an error: src/socket.c:236: warning: implicit declaration of function
> `strnlen'
>=20
> Now my programming experience is nothing to brag about but I wonder why s=
trnlen
> is not a part of FreeBSD's libc. I think that the use of strlen() insted =
of
> strnlen() could resault in buffer-overflow risks and my fellows (most of =
them
> are more experienced in the art of programming say that bounds checking is
> always good.)=20

That's not a standard function outside the Linux world, and it's not
very necessary for security..no matter how you calculate the string
size, you still have to have your brain engaged when you copy it into
the destination buffer.

Kris

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQFBGnuLWry0BWjoQKURAo9TAKCtLrKibhSx0TSb9hx0fU9XWZPVwwCg8eyQ
7/1TH486mZdz7hEcgQActEE=
=ibQW
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040811200323.GA37059>