From owner-freebsd-security Thu Jul 15 14:33:37 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 8B1A8155BA for ; Thu, 15 Jul 1999 14:33:31 -0700 (PDT) (envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail1.its.rpi.edu (8.8.8/8.8.6) with ESMTP id RAA10722; Thu, 15 Jul 1999 17:33:29 -0400
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: drosih@mail.rpi.edu
Message-Id:
In-Reply-To:
Date: Thu, 15 Jul 1999 17:33:29 -0400
To: Paul Hart , freebsd-security@FreeBSD.ORG
From: Garance A Drosihn
Subject: Re: OpenBSD's strlcpy(3) and strlcat(3)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:47 AM -0600 7/15/99, Paul Hart wrote:
> ... Todd Miller and Theo de Raadt presented a paper on two new
> functions that OpenBSD has integrated into libc. The new functions,
> strlcpy(3) and strlcat(3), are intended to provide an easily understood
> means of safe string copying and concatenation to programmers.
>
> I was impressed by the paper and wondered if anyone besides myself would
> be amenable to including them in FreeBSD's libc.

Seems to me they would be good to have, seeing that some other platforms
have started using them. I've been meaning to address the same issues via
a slightly different set of routines, but given that my routines are not
written yet I'll have to admit these have a significant advantage. :-)

What I wanted to do was have "estr" routines, where the destination is
specified as the starting point and the ending point of the area available
for the string (as two parameters). The routines would return the position
of the current string-terminator.
So you could do things like:

    eos = estrcpy(dest, endp, src1);
    eos = estrcat(eos, endp, src2);
    eos = estrcat(eos, endp, src3);

and you could check for "string is full" by comparing 'eos' (the return
value) to 'endp' (which you'd already have). Strictly speaking that won't
work quite right in some cases, so the strlcpy routines also have an
advantage there.

My idea was that estrcpy and estrcat could be written to be pretty fast.
If you were doing a lot of concatenations, for instance, the above could
end up FASTER than using regular strcpy and strcat (never mind strncpy
and strncat). You could also have 'estrncpy' and 'estrncat' if you wanted.

In fact, I also wanted to have estrcat2 and estrcat3, which allowed for
two/three source strings, so one could write:

    if (ptr != NULL)
        eos = estrcat2(eos, endp, ", ", ptr);

or

    if (ptr != NULL)
        eos = estrcat3(eos, endp, " ", ptr, ",");

> The semantics of strncpy(3) and strncat(3) have struck me as warts
> on the C standard for some time. I'm not sure what debate took
> place on the standardization committee, but whatever it was seems
> to have produced some strange results.

Seems to me that they are fine routines, it's just that everyone is now
using them for something that they were never designed for.

[also, we probably should discuss this in some wider audience than
freebsd-security, perhaps freebsd-hackers?]

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer               or  drosih@rpi.edu
Rensselaer Polytechnic Institute
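An added illustration of the "estr" design sketched in the message above; this is example code written for this page, not Garance's routines (he says they were not written yet). The convention that endp points one past the last byte of the buffer, the always-terminate-on-truncation behaviour, build_line and estr_full are all assumptions of mine, and estr_full shows one case where the eos-versus-endp comparison alone cannot tell an exact fit from a truncation.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical estrcpy: copy src into [dest, endp), truncating if needed
 * and always writing a terminating NUL. Returns a pointer to that NUL.
 * Assumes the buffer has at least one byte (dest < endp). */
char *estrcpy(char *dest, char *endp, const char *src)
{
    if (dest >= endp)               /* caller error: no room for a NUL */
        return dest;
    while (dest < endp - 1 && *src != '\0')
        *dest++ = *src++;
    *dest = '\0';
    return dest;                    /* position of the current terminator */
}

/* Hypothetical estrcat: eos is the NUL returned by a previous call, so
 * appending is just copying from that position. */
char *estrcat(char *eos, char *endp, const char *src)
{
    return estrcpy(eos, endp, src);
}

/* The usage pattern from the message: chain copies through eos and
 * carry endp along. Returns the length of the resulting string. */
size_t build_line(char *buf, size_t bufsz,
                  const char *a, const char *b, const char *c)
{
    char *endp = buf + bufsz;
    char *eos = estrcpy(buf, endp, a);
    eos = estrcat(eos, endp, ", ");
    eos = estrcat(eos, endp, b);
    eos = estrcat(eos, endp, ", ");
    eos = estrcat(eos, endp, c);
    return (size_t)(eos - buf);
}

/* The "string is full" check described in the message. The NUL can sit
 * no higher than endp - 1, so that is the fullest state. A string that
 * fit exactly and one that was cut off both leave eos there, which is
 * why the comparison by itself cannot report truncation. */
int estr_full(const char *eos, const char *endp)
{
    return eos == endp - 1;
}
```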