From owner-freebsd-hackers@FreeBSD.ORG Wed Aug 11 20:38:23 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E318116A4CE for ; Wed, 11 Aug 2004 20:38:23 +0000 (GMT) Received: from smtp.mi.is (smtp.mi.is [217.151.180.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 571F343D46 for ; Wed, 11 Aug 2004 20:38:23 +0000 (GMT) (envelope-from thib@mi.is) Received: from caulfield.bitcode.org (bofh.bitcode.org [217.151.165.254] (may be forged)) by smtp.mi.is (8.12.10/8.12.10/1.0.1) with SMTP id i7BKcMiv024195 for ; Wed, 11 Aug 2004 20:38:22 GMT Date: Wed, 11 Aug 2004 20:38:32 +0000 From: "Thordur Ivar B." To: freebsd-hackers@freebsd.org Message-Id: <20040811203832.728c915b.thib@mi.is> In-Reply-To: <20040811200323.GA37059@xor.obsecurity.org> References: <20040811193254.6f0be2c2.thib@mi.is> <20040811200323.GA37059@xor.obsecurity.org> Organization: n/a X-Mailer: Sylpheed version 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd5.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Where is strnlen() ? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Aug 2004 20:38:24 -0000 On Wed, 11 Aug 2004 13:03:23 -0700 Kris Kennaway wrote: > On Wed, Aug 11, 2004 at 07:32:54PM +0000, Thordur Ivar B. wrote: > > While porting software from a friend wich was developed under Linux, I > > stumbled upon an error: src/socket.c:236: warning: implicit declaration of > > function`strnlen' > > > > Now my programming experience is nothing to brag about but I wonder why > > strnlen is not a part of FreeBSD's libc. I think that the use of strlen() > > insted of strnlen() could resault in buffer-overflow risks and my fellows > > (most of them are more experienced in the art of programming say that bounds > > checking is always good.) > > That's not a standard function outside the Linux world, and it's not > very necessary for security..no matter how you calculate the string > size, you still have to have your brain engaged when you copy it into > the destination buffer. > > Kris > A notable point. Still I would think that strnlen is a pretty neat functions to avoid dumb mistakes (actually malformed code.) But since it is non-standard, I guess I will have to "turn my brain on" ;> Anyway thanks for the responses. kv, thib[att]mi(dot).is -- A man can do as he will, but not will as he will. -- Arthur Schopenhauer