From owner-freebsd-security  Thu Jul 15  9:49:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2])
	by hub.freebsd.org (Postfix) with ESMTP id 6CB08155DF
	for <freebsd-security@freebsd.org>; Thu, 15 Jul 1999 09:49:38 -0700 (PDT)
	(envelope-from hart@iserver.com)
Received: by gatekeeper.veriohosting.com; Thu, 15 Jul 1999 10:48:35 -0600 (MDT)
Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1)
	id xma026496; Thu, 15 Jul 99 10:48:17 -0600
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.2) id KAA19280; Thu, 15 Jul 1999 10:47:23 -0600 (MDT)
Date: Thu, 15 Jul 1999 10:47:23 -0600 (MDT)
From: Paul Hart <hart@iserver.com>
X-Sender: hart@anchovy.orem.iserver.com
To: freebsd-security@freebsd.org
Subject: OpenBSD's strlcpy(3) and strlcat(3)
Message-ID: <Pine.BSF.3.96.990715102711.19105A-100000@anchovy.orem.iserver.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I was just reviewing the proceedings from the USENIX 1999 Annual Technical
Conference where Todd Miller and Theo de Raadt presented a paper on two
new functions that OpenBSD has integrated into libc.  The new functions,
strlcpy(3) and strlcat(3), are intended to provide an easily understood
means of safe string copying and concatenation to programmers.  Of course,
strcpy(3) and strcat(3) have obvious dangers, but their standardized
intended replacements, strncpy(3) and strncat(3), suffer from some subtle
dangers as well that can trip up even experienced programmers.

I was impressed by the paper and wondered if anyone besides myself would
be amenable to including them in FreeBSD's libc.  Are there members of the
FreeBSD core and community that would be interested in importing these new
functions?  The semantics of strncpy(3) and strncat(3) have struck me as
warts on the C standard for some time.  I'm not sure what debate took
place on the standardization committee, but whatever it was seems to have
produced some strange results. 

If you are a USENIX member you can access the text of the paper at:

    http://www.usenix.org/events/usenix99/millert.html

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message