Date:      Thu, 15 Jul 1999 18:32:22 -0600
From:      Warner Losh <imp@village.org>
To:        Mike Smith <mike@smith.net.au>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: OpenBSD's strlcpy(3) and strlcat(3) 
Message-ID:  <199907160032.SAA01282@harmony.village.org>
In-Reply-To: Your message of "Thu, 15 Jul 1999 17:23:15 PDT." <199907160023.RAA02029@dingo.cdrom.com> 
References:  <199907160023.RAA02029@dingo.cdrom.com>  

In message <199907160023.RAA02029@dingo.cdrom.com> Mike Smith writes:
: I still think this is the wrong way to deal with the problem. 8)

We mildly disagree here.  The strl* functions are the end all, be all
of security.  They are just designed to make the existing code that
uses static buffers easy to make more robust w/o radically altering
that code.

Of course, strings have always been weak in 'C'.  You make them static
and they overflow.  You malloc them, and often people forget to free
them later leading to other problems...

Warner

