[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: strlcpy and strlcat in linux libc ?



On Mon, Mar 04, 2002 at 03:16:33PM +0100, Moritz Schulte wrote:
> > I am working at the moment on some port from openBSD to debian, and
> > discovered that they use this strlcpy|cat (security enhanced version
> > of strNcpy|cat). Does someone know if there are any plan or a place
> > to get those included in the standard version of the libc ?
> 
> Get an impression:
> 
> http://sources.redhat.com/ml/libc-alpha/2002-01/msg00001.html
> http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html

Nice to see good old anti-Theoism influencing excuses to ignore code which
makes perfect sense.

I don't know how these functions have any effect on security over the strn
functions except in the most indirect manner, but can anyone tell me what
the point of not copying a string past the end of the space allocated for
it is if the next time you attempt to use the newly copied string you run
right off the edge of the new array?  But somehow, s/n/l/ in the function
name is harder to read and the function is "inefficient BSD crap".

The only real controversy here is between the status quo and possibly
inflating Theo's ego further (if such could actually be accomplished
anyway.)  In the meantime, most of my work (and a lot of other people's as
well) will continue to reinvent the wheel while the glibc maintainers
continue to cover their ears and hum REAL LOUD.

-- 
Joseph Carter <knghtbrd@bluecherry.net>     I N33D MY G4M3Z, D00D!!!!111!!
                                                      (Just ... don't ask)
 
Feb  5 13:27:01 trinity lp0 on fire
        -- the Linux kernel, alerting me that there was some unknown
           problem with my printer (ie, it was out of ink)

Attachment: pgptDnFpaLkxN.pgp
Description: PGP signature


Reply to: