Date: Thu, 5 May 2005 23:54:19 -0700 From: John-Mark Gurney <gurney_j@resnet.uoregon.edu> To: "M. Warner Losh" <imp@bsdimp.com> Cc: cperciva@freebsd.org Subject: Re: cvs commit: src/sys/kern subr_bus.c subr_rman.c vfs_subr.c src/sys/net if_mib.c src/sys/netinet ip_divert.c raw_ip.c udp_usrreq.c Message-ID: <20050506065419.GE2670@funkthat.com> In-Reply-To: <20050506.002419.88383520.imp@bsdimp.com> References: <20050506032202.GC2670@funkthat.com> <20050505.232214.96921001.imp@bsdimp.com> <20050506062013.GD2670@funkthat.com> <20050506.002419.88383520.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Warner Losh wrote this message on Fri, May 06, 2005 at 00:24 -0600:
> Yes, I understand that. But Like I said before, it is better to zero
> the entire hunk of memory with bzero or M_ZERO....
>
> The problem with strncpy is that it doesn't guarantee NUL
> termination when strlen(s) > sizeof(d).
And depending upon the interface, this is a good thing... I know that
there are a few interfaces out there that use all chars for the array
and assume that the userland program knows that when the array is full,
to self terminate... Luckily, with such things as printf, you can still
safely print such a string... (Hint to the other readers: It involves
a `.' and a `*'.)
But now we are getting down into semantics... I was just pointing out
that if the buffer was filled with strncpy, we don't have to worry about
leaking information... I didn't completely understand this till just
over a year ago, and I'm probably not the only one that forgets/doesn't
remeber/never knew that strncpy behaved this way...
I didn't see any cases of this in the patches that were submitted, but
I also only checked one file...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050506065419.GE2670>