From owner-freebsd-security  Thu Jul 15 17: 7:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id B74041562C
	for <freebsd-security@FreeBSD.ORG>; Thu, 15 Jul 1999 17:07:51 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id SAA12436;
	Thu, 15 Jul 1999 18:06:44 -0600 (MDT)
Message-Id: <4.2.0.58.19990715180119.04723d20@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 
Date: Thu, 15 Jul 1999 18:05:06 -0600
To: Sheldon Hearn <sheldonh@uunet.co.za>
From: Brett Glass <brett@lariat.org>
Subject: Re: OpenBSD's strlcpy(3) and strlcat(3) 
Cc: Warner Losh <imp@village.org>, Paul Hart <hart@iserver.com>,
	freebsd-security@FreeBSD.ORG
In-Reply-To: <80788.932082769@axl.noc.iafrica.com>
References: <Your message of "Thu, 15 Jul 1999 17:47:03 CST." <4.2.0.58.19990715174241.045f0550@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The danger here is that the semantics are changed so radically by the value
of the argument. This is an invitation to confusion.

A more consistent way to do it would be to have the function return zero
if the programmer opted not to know about any shortfall.

Or, even better, ALWAYS return the shortfall. The programmer can then discard
the return value if he's really willing to ignore it (perhaps at his peril).

--Brett

At 01:52 AM 7/16/99 +0200, Sheldon Hearn wrote:


>On Thu, 15 Jul 1999 17:47:03 CST, Brett Glass wrote:
>
> > How about returning the shortfall as the return value of the function?
>
>Um, hello? That's exactly what I'm proposing:
>
> > >RETURN VALUES
> > >
> > >If the optional shortfall argument is passed non-zero, the functions
> > >return the number of characters from src that are missing in dst after
> > >the operation. Otherwise, they return the length of dst. In either case,
> > >the return value does not include the NUL terminator.
>
>:-)
>
>Ciao,
>Sheldon.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message