Date: Thu, 15 Jul 1999 10:47:23 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: freebsd-security@freebsd.org Subject: OpenBSD's strlcpy(3) and strlcat(3) Message-ID: <Pine.BSF.3.96.990715102711.19105A-100000@anchovy.orem.iserver.com>
next in thread | raw e-mail | index | archive | help
I was just reviewing the proceedings from the USENIX 1999 Annual Technical Conference where Todd Miller and Theo de Raadt presented a paper on two new functions that OpenBSD has integrated into libc. The new functions, strlcpy(3) and strlcat(3), are intended to provide an easily understood means of safe string copying and concatenation to programmers. Of course, strcpy(3) and strcat(3) have obvious dangers, but their standardized intended replacements, strncpy(3) and strncat(3), suffer from some subtle dangers as well that can trip up even experienced programmers. I was impressed by the paper and wondered if anyone besides myself would be amenable to including them in FreeBSD's libc. Are there members of the FreeBSD core and community that would be interested in importing these new functions? The semantics of strncpy(3) and strncat(3) have struck me as warts on the C standard for some time. I'm not sure what debate took place on the standardization committee, but whatever it was seems to have produced some strange results. If you are a USENIX member you can access the text of the paper at: http://www.usenix.org/events/usenix99/millert.html Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990715102711.19105A-100000>