From owner-freebsd-hackers Thu Jul 15 17:37:34 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from dingo.cdrom.com (dingo.cdrom.com [204.216.28.145]) by hub.freebsd.org (Postfix) with ESMTP id D5A2915658 for ; Thu, 15 Jul 1999 17:37:30 -0700 (PDT) (envelope-from mike@dingo.cdrom.com) Received: from dingo.cdrom.com (localhost.cdrom.com [127.0.0.1]) by dingo.cdrom.com (8.9.3/8.8.8) with ESMTP id RAA02110; Thu, 15 Jul 1999 17:32:18 -0700 (PDT) (envelope-from mike@dingo.cdrom.com) Message-Id: <199907160032.RAA02110@dingo.cdrom.com> X-Mailer: exmh version 2.0.2 2/24/98 To: Warner Losh Cc: Mike Smith , freebsd-hackers@FreeBSD.ORG Subject: Re: OpenBSD's strlcpy(3) and strlcat(3) In-reply-to: Your message of "Thu, 15 Jul 1999 18:32:22 MDT." <199907160032.SAA01282@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 15 Jul 1999 17:32:18 -0700 From: Mike Smith Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > In message <199907160023.RAA02029@dingo.cdrom.com> Mike Smith writes: > : I still think this is the wrong way to deal with the problem. 8) > > We mildly disagree here. The strl* functions are the end all, be all > of security. They are just designed to make the existing code that > uses static buffers easy to make more robust w/o radically altering > that code. > > Of course, strings have always been weak in 'C'. You make them static > and they overflow. You malloc them, and often people forget to free > them later leading to other problems... With the addition of a "not" in your first paragraph, I actually think we're in agreement here. I'm just maintaining that in most of the in-tree cases where static buffers are used, a dynamic buffer would have been a better design choice; you might want to disagree there too of course. 8) Regardless, we should definitely adopt these functions for no other reason than portability, no argument there. -- \\ The mind's the standard \\ Mike Smith \\ of the man. \\ msmith@freebsd.org \\ -- Joseph Merrick \\ msmith@cdrom.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message