tech-pkg archive


Re: Theo chiming in on strlcpy



    Date:        Sat, 21 Dec 2013 14:22:13 +0100
    From:        Marc Espie <espie%nerim.net@localhost>
    Message-ID:  <20131221132213.GA29089%lain.home@localhost>

  | http://marc.info/?l=openbsd-tech&m=138733933417096&w=2
  | ('On the matter of strlcpy/strlcat acceptance by industry')

Unless this was caused by something different than I think it was,
this is an example of changing the focus of an argument into one
that you hope you can win, with the expectation then that people
will believe that the original argument was won...

I think this came from a discussion on the nmh list - where the nmh
developers were discussing what to do about openbsd's linker issuing
warnings about uses of strcpy() in nmh.   So far, even though a few
possible overflows were located - none of them are in places that are
at all dangerous (only things like absurd configs in the system config
file - defining the local domain name to be huge for example - could
cause one of the so far detected "problems").   Not surprising really,
nmh (and MH that preceded it) is quite old, most bugs that would ever
occur in reality have probably occurred and been fixed by now...

But no-one there said that strlcpy() et al are "stupid".   The complaints
were about openbsd's insistence that "almost all" strcpy() uses are
broken, that is, that the API is broken - which of course, it isn't.

No-one cares how much software uses strlcpy() instead of strcpy().  That's
just fine.  If the authors think it is an interface more suited to their
needs, then they should be using it.

What the objection was (and it is hard to tell how much of that software
using strlcpy() uses it for this reason instead of the one above) was
essentially blackmailing software into switching to strlcpy() by claiming
(to users who know no better who are building the software) that anything
that uses strcpy() simply must be broken and buggy.   That is nonsense -
that's what is stupid, not strlcpy() and friends.

There was a statement on the nmh list by the author (well, current & long time
maintainer) of one well known piece of software, that when the openbsd
people sent patches to convert from strcpy() to strlcpy() he rejected them
because they weren't done correctly (that is, they silently truncated
data if it would previously have overflowed - which is not to say that
strlcpy() cannot be used to avoid this, just that in that particular case,
by people who in theory should know better, it wasn't) and instead he put in
explicit checks (asserts) to verify that the strcpy() and strcat() were
all safe - under the assumption that it was supposed to be correct already,
and if not, it was a bug, and it was better for the software to crash so the
bug can be fixed, than to continue with incorrect data.

I guess someone could interpret that as someone claiming that strlcpy() etc
were stupid - but that was not what was ever said.

Collecting statistics on how much software has (for whatever reason) switched
to using strlcpy() might be good as an ego boost for openbsd people, but
otherwise is a waste of time.

So is this discussion.

kre
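The three ways of handling the copy that the post contrasts (a strlcpy() conversion that silently truncates, a strlcpy() call that checks its return value, and the maintainer's assert-then-strcpy()), as an added example that is not from the post or from nmh. portable_strlcpy is a local stand-in for the OpenBSD strlcpy() contract, and the buffer size and domain-name strings are constructed for illustration.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local copy of the strlcpy() contract (OpenBSD semantics), given its own
 * name so this compiles where libc already declares strlcpy(): copy at most
 * dstsize-1 bytes, always NUL-terminate when dstsize > 0, and return
 * strlen(src) so the caller can tell whether truncation happened. */
static size_t portable_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Variant 1: the conversion the post objects to. The return value is
 * dropped, so an over-long value is quietly cut short and the program
 * carries on with wrong data. */
static void copy_silently_truncating(char *dst, size_t dstsize, const char *src)
{
    (void)portable_strlcpy(dst, src, dstsize);
}

/* Variant 2: strlcpy() used as intended. Returns 0 on success and -1 when
 * src did not fit (dst then holds a NUL-terminated prefix), so the caller
 * can reject the input instead of hiding the loss. */
static int copy_detecting_truncation(char *dst, size_t dstsize, const char *src)
{
    return portable_strlcpy(dst, src, dstsize) >= dstsize ? -1 : 0;
}

/* Variant 3: the maintainer's approach as described in the post: keep
 * strcpy() but assert the invariant it relies on, so a violated assumption
 * aborts loudly rather than overflowing or continuing with bad data. */
static void copy_asserting_fits(char *dst, size_t dstsize, const char *src)
{
    assert(strlen(src) < dstsize);      /* the precondition strcpy() needs */
    strcpy(dst, src);
}

int main(void)
{
    char domain[8];                     /* constructed: deliberately small */
    copy_silently_truncating(domain, sizeof domain, "example.org");
    printf("silent: \"%s\"\n", domain); /* prefix only, no error raised */
    printf("checked: %d\n", copy_detecting_truncation(domain, sizeof domain, "example.org"));
    copy_asserting_fits(domain, sizeof domain, "nmh.org");
    printf("asserted: \"%s\"\n", domain);
    return 0;
}
```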


