Date: Fri, 16 Jul 1999 13:09:13 -0600
From: Wes Peters <wes@softweyr.com>
To: Brett Glass <brett@lariat.org>
Cc: Sheldon Hearn <sheldonh@uunet.co.za>, Warner Losh <imp@village.org>, Paul Hart <hart@iserver.com>, freebsd-security@FreeBSD.ORG
Subject: Re: OpenBSD's strlcpy(3) and strlcat(3)
Message-ID: <378F8359.E68C040A@softweyr.com>
References: <Your message of "Thu, 15 Jul 1999 17:19:05 CST." <199907152319.RAA73667@harmony.village.org> <4.2.0.58.19990715174241.045f0550@localhost>
Brett Glass wrote:
>
> How about returning the shortfall as the return value of the function?
> This would allow the programmer to wrap an "if" right around the function
> call and handle the error easily if the string was truncated. Making a
> check convenient would encourage programmers to insert it into their code.
> Having to write a separate test would actually discourage this practice
> and could lead to malfunctioning code.

A good idea, but it's already provided. As pointed out on Slide 9,

    if (strlcat(..., size) >= size)

an overflow occurred and should be handled.

I agree with Mike that for future development or audits of existing code,
moving away from static buffers is THE way to make the codebase less
fragile. strl* does seem to have some compelling features for fixing
existing code when a complete audit is either not warranted or just not
feasible given the available "headcount." Relatively inexperienced
programmers could be given a set of rules for replacing strcat and strcpy
with strlcat and strlcpy to improve, if not perfect, many programs quite
quickly.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                                  Softweyr LLC
http://softweyr.com/                                   wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
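The `(ret >= size)` truncation test discussed in the message, and the "replace strcpy/strcat with strlcpy/strlcat" rule, as an added example that is not part of the thread and not OpenBSD's libc. The `my_strlcpy`/`my_strlcat` functions are portable re-implementations of the documented OpenBSD semantics (named `my_*` so they do not collide with a libc that already ships them); `join_path` and its inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Portable re-implementations of the OpenBSD strlcpy(3)/strlcat(3)
 * semantics (assumed from the man pages, not taken from this thread):
 * always NUL-terminate when size > 0, never write past dst[size-1], and
 * return the length of the string they *tried* to build, so that
 * (ret >= size) means the result was truncated.
 */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;              /* length of src, whether or not it fit */
}

size_t my_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    size_t srclen = strlen(src);
    size_t room, n;

    /* Find the end of dst, but never look past size bytes. */
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)         /* dst not terminated within size: append nothing */
        return size + srclen;   /* still >= size, so the caller sees truncation */

    room = size - dstlen - 1;   /* bytes available before the terminator */
    n = srclen < room ? srclen : room;
    memcpy(dst + dstlen, src, n);
    dst[dstlen + n] = '\0';
    return dstlen + srclen;     /* length the full concatenation would have had */
}

/*
 * The replacement rule applied to a typical strcpy/strcat sequence:
 * build "dir/name" in buf, wrapping every call in the (ret >= size) test.
 * Returns 0 on success, -1 on truncation; buf is NUL-terminated either
 * way and holds a truncated prefix on -1.
 */
int join_path(char *buf, size_t size, const char *dir, const char *name)
{
    if (my_strlcpy(buf, dir, size) >= size)
        return -1;
    if (my_strlcat(buf, "/", size) >= size)
        return -1;
    if (my_strlcat(buf, name, size) >= size)
        return -1;
    return 0;
}

int main(void)
{
    char big[64];
    char small[8];              /* deliberately too small for the second path */

    /* Constructed inputs. */
    if (join_path(big, sizeof big, "/etc", "passwd") == 0)
        printf("ok:        %s\n", big);

    if (join_path(small, sizeof small, "/usr/local", "bin") != 0)
        printf("truncated: \"%s\" (%zu bytes, still NUL-terminated)\n",
               small, strlen(small));
    return 0;
}
```

Two details worth keeping in mind when handing this rule to the "relatively inexperienced programmers" the message mentions: the return value is the length of the full string that was attempted, so an exact fit (strlen(src) == size - 1) returns size - 1 and is correctly not reported as truncation; and if the destination was not NUL-terminated within size bytes (a leftover from an earlier raw strncpy, say), strlcat appends nothing and still returns a value >= size, so the same test catches that case too.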