From owner-freebsd-hackers@FreeBSD.ORG Wed Aug 11 20:03:27 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4635616A4CE for ; Wed, 11 Aug 2004 20:03:27 +0000 (GMT) Received: from ylpvm15.prodigy.net (ylpvm15-ext.prodigy.net [207.115.57.46]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0365D43D1F for ; Wed, 11 Aug 2004 20:03:27 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (adsl-67-115-74-195.dsl.lsan03.pacbell.net [67.115.74.195]) i7BK3Tjx011736; Wed, 11 Aug 2004 16:03:30 -0400 Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 09EB651F8B; Wed, 11 Aug 2004 13:03:23 -0700 (PDT) Date: Wed, 11 Aug 2004 13:03:23 -0700 From: Kris Kennaway To: "Thordur Ivar B." Message-ID: <20040811200323.GA37059@xor.obsecurity.org> References: <20040811193254.6f0be2c2.thib@mi.is> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm" Content-Disposition: inline In-Reply-To: <20040811193254.6f0be2c2.thib@mi.is> User-Agent: Mutt/1.4.2.1i cc: freebsd-hackers@freebsd.org Subject: Re: Where is strnlen() ? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Aug 2004 20:03:27 -0000 --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Aug 11, 2004 at 07:32:54PM +0000, Thordur Ivar B. wrote: > While porting software from a friend wich was developed under Linux, I st= umbled > upon an error: src/socket.c:236: warning: implicit declaration of function > `strnlen' >=20 > Now my programming experience is nothing to brag about but I wonder why s= trnlen > is not a part of FreeBSD's libc. I think that the use of strlen() insted = of > strnlen() could resault in buffer-overflow risks and my fellows (most of = them > are more experienced in the art of programming say that bounds checking is > always good.)=20 That's not a standard function outside the Linux world, and it's not very necessary for security..no matter how you calculate the string size, you still have to have your brain engaged when you copy it into the destination buffer. Kris --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQFBGnuLWry0BWjoQKURAo9TAKCtLrKibhSx0TSb9hx0fU9XWZPVwwCg8eyQ 7/1TH486mZdz7hEcgQActEE= =ibQW -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm--