Where is strnlen() ?
Thordur Ivar B.
thib at mi.is
Wed Aug 11 13:38:24 PDT 2004
On Wed, 11 Aug 2004 13:03:23 -0700
Kris Kennaway <kris at obsecurity.org> wrote:
> On Wed, Aug 11, 2004 at 07:32:54PM +0000, Thordur Ivar B. wrote:
> > While porting software from a friend wich was developed under Linux, I
> > stumbled upon an error: src/socket.c:236: warning: implicit declaration of
> > function`strnlen'
> >
> > Now my programming experience is nothing to brag about but I wonder why
> > strnlen is not a part of FreeBSD's libc. I think that the use of strlen()
> > insted of strnlen() could resault in buffer-overflow risks and my fellows
> > (most of them are more experienced in the art of programming say that bounds
> > checking is always good.)
>
> That's not a standard function outside the Linux world, and it's not
> very necessary for security..no matter how you calculate the string
> size, you still have to have your brain engaged when you copy it into
> the destination buffer.
>
> Kris
>
A notable point. Still I would think that strnlen is a pretty neat functions to
avoid dumb mistakes (actually malformed code.) But since it is non-standard, I
guess I will have to "turn my brain on" ;>
Anyway thanks for the responses.
kv, thib[att]mi(dot).is
--
A man can do as he will, but not will as he will.
-- Arthur Schopenhauer
More information about the freebsd-hackers
mailing list