From owner-freebsd-security Fri Jul 16 12:11:31 1999
Delivered-To: freebsd-security@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 5A2B915733 for ; Fri, 16 Jul 1999 12:11:19 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id MAA20660; Fri, 16 Jul 1999 12:09:22 -0700 (PDT)
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id MAA03117; Fri, 16 Jul 1999 12:09:22 -0700
Received: from softweyr.com (dyn2.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA08907; Fri, 16 Jul 99 12:09:14 PDT
Message-Id: <378F8359.E68C040A@softweyr.com>
Date: Fri, 16 Jul 1999 13:09:13 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: Brett Glass
Cc: Sheldon Hearn, Warner Losh, Paul Hart, freebsd-security@FreeBSD.ORG
Subject: Re: OpenBSD's strlcpy(3) and strlcat(3)
References: <4.2.0.58.19990715174241.045f0550@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass wrote:
>
> How about returning the shortfall as the return value of the function?
>
> This would allow the programmer to wrap an "if" right around the function
> call and handle the error easily if the string was truncated. Making a
> check convenient would encourage programmers to insert it into their code.
> Having to write a separate test would actually discourage this practice
> and could lead to malfunctioning code.

A good idea, but it's already provided. As pointed out on Slide 9, if

    (strlcat(..., size) >= size)

an overflow occurred and should be handled.

I agree with Mike that for future development or audits of existing code, moving away from static buffers is THE way to make the codebase less fragile. strl* does seem to have some compelling features for fixing existing code when a complete audit is either not warranted or just not feasible given the available "headcount." Relatively inexperienced programmers could be given a set of rules for replacing strcat and strcpy with strlcat and strlcpy to improve, if not perfect, many programs quite quickly.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                 Softweyr LLC
http://softweyr.com/                       wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
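The truncation check discussed in the thread, as an added example that is not part of the original post: the block reimplements the strlcpy/strlcat return-value contract (copy or append at most size-1 bytes, always NUL-terminate, return the length the full result would have had) so it runs on systems whose libc lacks the functions, and then shows the `>= size` test wrapped around each call when building a path into a fixed buffer. The reimplementation (`my_strlcpy`, `my_strlcat`), the `build_path` helper and the sample inputs are this example's own, not OpenBSD's or FreeBSD's code.

```c
#include <stdio.h>
#include <string.h>

/* Reimplementation of the strlcpy contract for this example (not OpenBSD's
 * code): copy at most size-1 bytes, NUL-terminate when size > 0, and return
 * strlen(src). A return value >= size means the copy was truncated. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Reimplementation of the strlcat contract: append src to the NUL-terminated
 * string in dst, never writing past size bytes, and return the length the
 * untruncated result would have had. If dst is not terminated within size
 * bytes, nothing is appended and size + strlen(src) is returned. */
size_t my_strlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;
    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == size)
        return size + strlen(src);
    return dstlen + my_strlcpy(dst + dstlen, src, size - dstlen);
}

/* Build "dir/file" into a caller-supplied buffer, applying the
 * "result >= size means truncation" check after every call so the caller
 * gets an explicit failure instead of a silently shortened path.
 * Returns 1 if the whole path fit, 0 otherwise (buf stays NUL-terminated). */
int build_path(char *buf, size_t size, const char *dir, const char *file)
{
    if (my_strlcpy(buf, dir, size) >= size)
        return 0;
    if (my_strlcat(buf, "/", size) >= size)
        return 0;
    if (my_strlcat(buf, file, size) >= size)
        return 0;
    return 1;
}

/* Helper so the outcome of build_path() can be inspected: runs it with a
 * caller-chosen (capped) size and leaves the result in last_path. */
char last_path[64];
int try_path(size_t size, const char *dir, const char *file)
{
    if (size > sizeof last_path)
        size = sizeof last_path;
    return build_path(last_path, size, dir, file);
}

int main(void)
{
    /* Constructed inputs: the same path built into a 16-byte and an
     * 8-byte buffer. The second is too small and is reported as such. */
    printf("fit=%d path=\"%s\"\n", try_path(16, "/tmp", "a.txt"), last_path);
    printf("fit=%d path=\"%s\"\n", try_path(8, "/tmp", "a.txt"), last_path);
    return 0;
}
```

The point worth noticing is that the truncated buffer still holds a valid, terminated string ("/tmp/a."), which is exactly why the return value has to be checked: the data is safe, but it is wrong, and only the caller can decide what to do about that.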