Re: Theo chiming in on strlcpy

To: John Nemeth <jnemeth%cue.bc.ca@localhost>
Subject: Re: Theo chiming in on strlcpy
From: Marc Espie <espie%nerim.net@localhost>
Date: Sun, 22 Dec 2013 00:54:40 +0100

On Sat, Dec 21, 2013 at 03:43:20PM -0800, John Nemeth wrote:
>      All my code either verify that it will fit the destination
> string before hand, or use strn* and deals properly with potential
> truncation.  Overruning a string isn't the only thing that causes
> security problems.  Truncation is quite capable of doing it as
> well.  At the very least, the app won't behave properly.  Once you
> acknowlege this, strl* buys you nothing over strn* or just plain
> str* with length calculation done before hand.

Okay, show me your code.

Follow-Ups:
- Re: Theo chiming in on strlcpy
  - From: Holger Weiss

References:
- Re: Theo chiming in on strlcpy
  - From: Marc Espie
- Re: Theo chiming in on strlcpy
  - From: John Nemeth

Prev by Date: Re: Theo chiming in on strlcpy
Next by Date: Re: Theo chiming in on strlcpy
Previous by Thread: Re: Theo chiming in on strlcpy
Next by Thread: Re: Theo chiming in on strlcpy
Indexes:

Home | Main Index | Thread Index | Old Index