Where is strnlen() ?
gerarra at tin.it
gerarra at tin.it
Fri Aug 13 04:36:51 PDT 2004
>I agree but what I was thinking at the time if I'm reciving user input
to
>a
>program wich uses strlen I might be vonerable to buffer overflow attacks
>(But
>that has been cleard up) and ofcourse in most cases you know the length
of
>a
>string you are using (exept when you are dealing with user input, wich
was
>the
>case in my porting effort.) And since I'm a pedant I think that interducing
>new
>non-standard functions is not an option so I think I will have to
>"turn-my-brain-on" as I mentioned in a previous post.
>
>Anyways thanks for the replays.
I completely agree. Solutions like that (non standard wrappers, run time
checking, etc. etc.) ading overhead and could give a false sense of 'security';
security is a state of mind, if you don't care about your code you can't
reach really security.
my 2 cents
rookie
More information about the freebsd-hackers
mailing list