Date: Thu, 15 Jul 1999 10:47:23 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: freebsd-security@freebsd.org Subject: OpenBSD's strlcpy(3) and strlcat(3) Message-ID: <Pine.BSF.3.96.990715102711.19105A-100000@anchovy.orem.iserver.com>
next in thread | raw e-mail | index | archive | help
I was just reviewing the proceedings from the USENIX 1999 Annual Technical
Conference where Todd Miller and Theo de Raadt presented a paper on two
new functions that OpenBSD has integrated into libc. The new functions,
strlcpy(3) and strlcat(3), are intended to provide an easily understood
means of safe string copying and concatenation to programmers. Of course,
strcpy(3) and strcat(3) have obvious dangers, but their standardized
intended replacements, strncpy(3) and strncat(3), suffer from some subtle
dangers as well that can trip up even experienced programmers.
I was impressed by the paper and wondered if anyone besides myself would
be amenable to including them in FreeBSD's libc. Are there members of the
FreeBSD core and community that would be interested in importing these new
functions? The semantics of strncpy(3) and strncat(3) have struck me as
warts on the C standard for some time. I'm not sure what debate took
place on the standardization committee, but whatever it was seems to have
produced some strange results.
If you are a USENIX member you can access the text of the paper at:
http://www.usenix.org/events/usenix99/millert.html
Paul Hart
--
Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc.
hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990715102711.19105A-100000>