svn commit: r257646 - head/lib/libc/string

John-Mark Gurney jmg at funkthat.com
Tue Nov 5 05:32:06 UTC 2013


Eitan Adler wrote this message on Mon, Nov 04, 2013 at 19:05 +0000:
> Author: eadler
> Date: Mon Nov  4 19:05:31 2013
> New Revision: 257646
> URL: http://svnweb.freebsd.org/changeset/base/257646
> 
> Log:
>   Use OpenBSD's revamped description of strlcpy and strlcat.
>   
>   This explanation is supposed to be simpler and better.  In particular
>   "comparing it to the snprintf API provides lots of value, since it raises the
>   bar on understanding, so that programmers/auditors will a better job calling
>   all 3 of these functions."

Can we add a warning that it is not safe to just simply replace strncpy
with strlcpy?  strncpy does something useful in that it NULs out the
remaining buffer, which when copying strings from/to kernel buffers
prevents information leaks, so I'd argue that strlcpy can be used
incorrectly just as strncpy can be...

Just a thought...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


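The difference raised in the reply above, as an added example that is not part of the original message or of FreeBSD's libc: a fixed-size field that previously held other data is filled with a short string, and the bytes that survive past the terminating NUL are counted. `demo_strlcpy` is a hypothetical stand-in with strlcpy semantics so the block builds where libc lacks strlcpy; `FIELD_LEN` and the `'S'` fill are constructed.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_LEN 32   /* constructed size of a fixed field copied out whole */

/* Stand-in with strlcpy semantics (not the libc source): copies at most
 * dsize-1 bytes, NUL-terminates, and leaves the rest of dst untouched. */
static size_t demo_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Count bytes past the string's NUL that still hold earlier contents. */
static size_t stale_bytes(const char *buf, size_t len)
{
    size_t leaked = 0;
    for (size_t i = strlen(buf); i < len; i++)
        leaked += (buf[i] != '\0');
    return leaked;
}

enum copy_mode { USE_STRNCPY, USE_STRLCPY, ZERO_THEN_STRLCPY };
/* Copy name into a field that previously held other data ('S' bytes,
 * constructed) and report how many of those bytes survive the copy. */
size_t residue_after_copy(enum copy_mode mode, const char *name)
{
    char field[FIELD_LEN];
    memset(field, 'S', sizeof(field));          /* simulated reused memory */
    if (mode == USE_STRNCPY) {                  /* pads the tail with NULs */
        strncpy(field, name, sizeof(field) - 1);
        field[sizeof(field) - 1] = '\0';
    } else {                                    /* tail is left as it was */
        if (mode == ZERO_THEN_STRLCPY)
            memset(field, 0, sizeof(field));    /* explicit clear first */
        demo_strlcpy(field, name, sizeof(field));
    }
    return stale_bytes(field, sizeof(field));
}

int main(void)
{
    printf("strncpy %zu, strlcpy %zu, zero+strlcpy %zu\n", residue_after_copy(USE_STRNCPY, "ada"),
           residue_after_copy(USE_STRLCPY, "ada"), residue_after_copy(ZERO_THEN_STRLCPY, "ada"));
}
```

When the whole field is later copied across a trust boundary, the residue count is the number of old bytes exposed; clearing the buffer before the strlcpy-style copy restores the padding that strncpy provided.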