Subject: Re: strl{cpy,cat} into libkern
To: Noriyuki Soda <soda@sra.co.jp>
From: Greg 'groggy' Lehey <grog@lemis.com>
List: tech-kern
Date: 05/15/2003 13:51:40

On Thursday, 15 May 2003 at  0:42:59 +0900, Noriyuki Soda wrote:
>>>>>> On Thu, 15 May 2003 00:33:58 +0900,
> 	Jun-ichiro itojun Hagino <itojun@iijlab.net> said:
>
>> 	is it ok if i introduce strl{cpy,cat} into libkern?  strcpy -> strlcpy
>> 	rewrite will be next.
>
> Is there any insecure usage of str{cpy,cat} in the kernel?

If not, there would be when (if) Vinum gets imported.

> But I don't think it's the right thing to blindly rewrite str{cpy,cat}
> to strl{cpy,cat}, because there are many cases of completely
> secure usage of str{cpy,cat}.

Agreed.

Ted Unangst has recently ported Vinum to OpenBSD, and one of the few
changes he made was to change some strcpys to strlcpys, etc.  For
example:

-           strcpy(ioctl_reply->msg, text);
+           strlcpy(ioctl_reply->msg, text, sizeof(ioctl_reply->msg));
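
Review bot: the return value of strlcpy on the + line is discarded, so a text longer than ioctl_reply->msg is cut short without the caller noticing. Compare the result against sizeof(ioctl_reply->msg) and report or log the truncation. The sizeof bound is also only the buffer size if msg is an array member rather than a pointer, which is worth confirming against the structure definition.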

On the other hand, it doesn't seem to be necessary to change this kind
of call:

		strcpy(ioctl_reply->msg, "no additional drives found");

This relies on knowing that ioctl_reply->msg is much bigger than any
normal text, of course.

Greg
--
Finger grog@lemis.com for PGP public key
See complete headers for address and phone numbers
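
The two cases from the message above, as an added example that is not part of the original post or of Vinum: variable text goes through a bounded copy whose truncation is reported, while a literal keeps plain strcpy behind a compile-time size check. `struct reply`, `MSG_LEN`, `bounded_copy`, `reply_set` and `REPLY_SET_LITERAL` are hypothetical names, and `bounded_copy` is a local stand-in with strlcpy semantics so the block builds where libc has no strlcpy.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the reply structure; the real layout is not shown in the thread. */
#define MSG_LEN 32
struct reply {
    int  error;
    char msg[MSG_LEN];
};

/* Stand-in with strlcpy semantics: copies at most size-1 bytes, always
 * NUL-terminates when size > 0, and returns strlen(src). */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Variable text: bounded copy. Returns 1 if the text was truncated, else 0. */
static int reply_set(struct reply *r, const char *text)
{
    return bounded_copy(r->msg, text, sizeof(r->msg)) >= sizeof(r->msg);
}

/* Literal text: "" lit only compiles for a string literal, and the static
 * assertion turns "msg is big enough" from an assumption into a build check. */
#define REPLY_SET_LITERAL(r, lit) do {                                    \
        _Static_assert(sizeof("" lit) <= sizeof((r)->msg),                \
                       "literal does not fit in msg");                    \
        strcpy((r)->msg, "" lit);                                         \
    } while (0)

int main(void)
{
    struct reply r;
    /* Constructed sample input, longer than MSG_LEN. */
    int cut = reply_set(&r, "drive names supplied by the caller can be long");
    printf("truncated=%d msg=\"%s\"\n", cut, r.msg);
    REPLY_SET_LITERAL(&r, "no additional drives found");
    printf("msg=\"%s\"\n", r.msg);
    return 0;
}
```

If `MSG_LEN` is later reduced below the length of a literal, the build fails at the `REPLY_SET_LITERAL` call site instead of the copy overflowing at run time.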
