Message-Id: <199907160024.SAA01153@harmony.village.org>
To: Mike Smith
Subject: Re: OpenBSD's strlcpy(3) and strlcat(3)
Cc: Tim Vanderhoek, Sheldon Hearn, Garance A Drosihn, Paul Hart, freebsd-hackers@FreeBSD.ORG
In-reply-to: Your message of "Thu, 15 Jul 1999 15:44:51 PDT." <199907152244.PAA01458@dingo.cdrom.com>
References: <199907152244.PAA01458@dingo.cdrom.com>
Date: Thu, 15 Jul 1999 18:24:25 -0600
From: Warner Losh

In message <199907152244.PAA01458@dingo.cdrom.com> Mike Smith writes:
: What's really stupid is that most of the time you're trying to use
: these functions to fix code that looks like:
:	strcpy(buf, str1);
:	strcat(buf, str2);
:	strcat(buf, str3);
: without overflowing buf. This is dumb! Use asprintf instead:
:
:	asprintf(&buf, "%s%s%s", str1, str2, str3);
:
: If you can't keep all of the string elements together at once, try:
:
:	asprintf(&buf, "%s%s", str1, str2);
:	...
:	asprintf(&buf2, "%s%s", buf, str3);
:	free(buf);
:
: No, it's not fast, but it _is_ robust.

That is true for this case, but not always true. I think these APIs
have an excellent role to play.
Sure, there are other ways to do it, but there are a growing number
of systems that have strl* on them (OpenBSD, Linux and Solaris), which
is reason enough to improve our portability by using them.

The asprintf isn't completely robust because you must free() the
routine, or face a memory leak. It won't overflow, but it might
introduce another bug. The whole point of these APIs was to transition
old code to new in a safe manner that isn't prone to potential
programming errors.

Warner
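
Added example, not part of the message above: the quoted strcpy/strcat/strcat sequence converted to strlcpy/strlcat, using their return values to detect truncation. ex_strlcpy, ex_strlcat and join3 are hypothetical names; the two ex_ functions are stand-ins written here to follow OpenBSD's documented semantics (not OpenBSD's source), so the code builds where libc lacks strl*.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins with OpenBSD strlcpy/strlcat semantics, so this builds
 * where libc lacks them. Both return the length of the string they tried
 * to create; a return value >= size means the result was truncated. */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

static size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    size_t dlen = end ? (size_t)(end - dst) : size;
    if (dlen == size)                /* no terminator inside the buffer */
        return size + strlen(src);
    return dlen + ex_strlcpy(dst + dlen, src, size - dlen);
}

/* Drop-in for the strcpy/strcat/strcat sequence: returns 0 if the whole
 * result fit, -1 if it was cut short (buf stays NUL-terminated). */
static int join3(char *buf, size_t size,
                 const char *a, const char *b, const char *c)
{
    if (ex_strlcpy(buf, a, size) >= size) return -1;
    if (ex_strlcat(buf, b, size) >= size) return -1;
    if (ex_strlcat(buf, c, size) >= size) return -1;
    return 0;
}

int main(void)
{
    char big[16], small[8];          /* constructed sample buffers */
    int r1 = join3(big, sizeof big, "abc", "def", "ghi");
    int r2 = join3(small, sizeof small, "abc", "def", "ghi");
    printf("big:   rc=%d \"%s\"\n", r1, big);     /* rc=0  "abcdefghi" */
    printf("small: rc=%d \"%s\"\n", r2, small);   /* rc=-1 "abcdefg"   */
    return 0;
}
```

Nothing is allocated, so there is no free() to forget, but a caller that ignores the -1 continues with a silently shortened string.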