Date:      Thu, 15 Jul 1999 17:33:29 -0400
From:      Garance A Drosihn <drosih@rpi.edu>
To:        Paul Hart <hart@iserver.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: OpenBSD's strlcpy(3) and strlcat(3)
Message-ID:  <v04011702b3b3f07b38ae@[128.113.24.47]>
In-Reply-To:  <Pine.BSF.3.96.990715102711.19105A-100000@anchovy.orem.iserver.com>

At 10:47 AM -0600 7/15/99, Paul Hart wrote:
> ...  Todd Miller and Theo de Raadt presented a paper on two new
> functions that OpenBSD has integrated into libc.  The new functions,
> strlcpy(3) and strlcat(3), are intended to provide an easily understood
> means of safe string copying and concatenation to programmers.
>
> I was impressed by the paper and wondered if anyone besides myself would
> be amenable to including them in FreeBSD's libc.

Seems to me they would be good to have, seeing that some other platforms
have started using them.  I've been meaning to address the same issues
via a slightly different set of routines, but given that my routines are
not written yet I'll have to admit these have a significant advantage. :-)

What I wanted to do was have "estr" routines, where the destination
is specified as the starting point and the ending point of the area
available for the string (as two parameters).  The routines would
return the position of the current string-terminator.  So you could
do things like:
    eos = estrcpy(dest, endp, src1);
    eos = estrcat(eos,  endp, src2);
    eos = estrcat(eos,  endp, src3);
and you could check for "string is full" by comparing 'eos' (the
return value) to 'endp' (which you'd already have).  Strictly
speaking that won't work quite right in some cases, so the strlcpy
routines also have an advantage there.

My idea was that estrcpy and estrcat could be written to be pretty
fast.  If you were doing a lot of concatenations, for instance, the
above could end up FASTER than using regular strcpy and strcat (never
mind strncpy and strncat).  You could also have 'estrncpy' and
'estrncat' if you wanted.  In fact, I also wanted to have estrcat2
and estrcat3, which allowed for two/three source strings, so one
could write:
   if (ptr != NULL) eos = estrcat2(eos, endp, ", ", ptr);
or
   if (ptr != NULL) eos = estrcat3(eos, endp, " ", ptr, ",");

> The semantics of strncpy(3) and strncat(3) have struck me as warts
> on the C standard for some time.  I'm not sure what debate took
> place on the standardization committee, but whatever it was seems
> to have produced some strange results.

Seems to me that they are fine routines; it's just that everyone is
now using them for something that they were never designed for.

[also, we probably should discuss this in some wider audience than
freebsd-security, perhaps freebsd-hackers?]

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute
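As an added example (not code from the thread or from any libc), here is the "estr" design sketched in the message above written out in C: the names estrcpy/estrcat/estrcat2 come from the message, while the function bodies, the join_into/join_check helpers and the 8-byte buffer are my assumptions. It also shows the case the message alludes to, where comparing the returned terminator position against endp cannot distinguish an exact fit from a truncated copy.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration of the "estr" design sketched above (my assumption
 * of the bodies; not code from the thread or from any libc). The
 * destination is [dst, endp); the return value is the terminator position. */

/* Copy src into [dst, endp), truncating silently; always terminate when
 * there is at least one byte. Returns endp - 1 whenever the buffer is full. */
char *estrcpy(char *dst, const char *endp, const char *src)
{
    if (dst >= endp)                 /* zero-length area: nothing written */
        return dst;
    while (dst < endp - 1 && *src != '\0')
        *dst++ = *src++;
    *dst = '\0';
    return dst;
}

/* Append at eos, a terminator returned by an earlier estr call. */
char *estrcat(char *eos, const char *endp, const char *src)
{
    return estrcpy(eos, endp, src);
}

/* The two-source variant sketched in the message. */
char *estrcat2(char *eos, const char *endp, const char *s1, const char *s2)
{
    return estrcat(estrcat(eos, endp, s1), endp, s2);
}

/* Build "a, b" (or just "a" when b is NULL) into buf[len]. Returns 1 if the
 * buffer ended up full. The caveat the message hints at shows here: an exact
 * fit and a truncated copy both leave eos at endp - 1, so "full" cannot
 * tell them apart. */
int join_into(char *buf, size_t len, const char *a, const char *b)
{
    const char *endp = buf + len;
    char *eos = estrcpy(buf, endp, a);
    if (b != NULL) eos = estrcat2(eos, endp, ", ", b);
    return eos == endp - 1;
}

/* Demo helper with a constructed 8-byte buffer: reports whether the content
 * and the "full" flag match what the caller expects. */
int join_check(const char *a, const char *b, const char *expect, int want_full)
{
    char buf[8];
    return join_into(buf, sizeof buf, a, b) == want_full && strcmp(buf, expect) == 0;
}
```

With an 8-byte buffer, "abc" + "de" fits exactly and "abc" + "defg" is truncated, yet both report "full" and leave the same "abc, de" behind, which is why a length-returning strlcpy-style interface has the edge the message concedes.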
