tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: unsafe strlcpy (Maxime Villard) writes:

>I think that strlcpy has a bad design and should be replaced by the safer

Neither strlcpy nor copystr is safe, and in netbsd32_ioctl it should just
be replaced with memcpy().

>In PPPoE I think we should drop the string stuff, calling printf is already a
>bad idea anyway.

The correct way is to safely parse the input, e.g. with strnvisx.

                                Michael van Elst
                                "A potential Snark may lurk in every tree."

Home | Main Index | Thread Index | Old Index