Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Aug 2004 20:38:32 +0000
From:      "Thordur Ivar B." <thib@mi.is>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Where is strnlen() ?
Message-ID:  <20040811203832.728c915b.thib@mi.is>
In-Reply-To: <20040811200323.GA37059@xor.obsecurity.org>
References:  <20040811193254.6f0be2c2.thib@mi.is> <20040811200323.GA37059@xor.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 11 Aug 2004 13:03:23 -0700
Kris Kennaway <kris@obsecurity.org> wrote:

> On Wed, Aug 11, 2004 at 07:32:54PM +0000, Thordur Ivar B. wrote:
> > While porting software from a friend wich was developed under Linux, I
> > stumbled upon an error: src/socket.c:236: warning: implicit declaration of
> > function`strnlen'
> > 
> > Now my programming experience is nothing to brag about but I wonder why
> > strnlen is not a part of FreeBSD's libc. I think that the use of strlen()
> > insted of strnlen() could resault in buffer-overflow risks and my fellows
> > (most of them are more experienced in the art of programming say that bounds
> > checking is always good.) 
> 
> That's not a standard function outside the Linux world, and it's not
> very necessary for security..no matter how you calculate the string
> size, you still have to have your brain engaged when you copy it into
> the destination buffer.
> 
> Kris
> 

A notable point. Still I would think that strnlen is a pretty neat functions to
avoid dumb mistakes (actually malformed code.) But since it is non-standard, I
guess I will have to "turn my brain on" ;>

Anyway thanks for the responses.

kv, thib[att]mi(dot).is
-- 
A man can do as he will, but not will as he will.
		-- Arthur Schopenhauer



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040811203832.728c915b.thib>