From owner-freebsd-hackers@FreeBSD.ORG  Fri Aug 13 11:36:51 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2853416A4CE
	for <freebsd-hackers@freebsd.org>;
	Fri, 13 Aug 2004 11:36:51 +0000 (GMT)
Received: from vsmtp3.tin.it (vsmtp3alice.tin.it [212.216.176.143])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 80A0243D45
	for <freebsd-hackers@freebsd.org>;
	Fri, 13 Aug 2004 11:36:50 +0000 (GMT)	(envelope-from gerarra@tin.it)
Received: from ims3a.cp.tin.it (192.168.70.103) by vsmtp3.tin.it (7.0.027)
	id 40F033B60062DBD8 for freebsd-hackers@freebsd.org;
	Fri, 13 Aug 2004 13:36:49 +0200
Received: from [192.168.70.226] by ims3a.cp.tin.it with HTTP;
	Fri, 13 Aug 2004 13:36:49 +0200
Date: Fri, 13 Aug 2004 13:36:49 +0200
Message-ID: <4119722900001FCE@ims3a.cp.tin.it>
In-Reply-To: <20040813111849.047fae64.thib@mi.is>
From: gerarra@tin.it
To: freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-15"
Content-Transfer-Encoding: quoted-printable
Subject: Re: Where is strnlen() ?
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Aug 2004 11:36:51 -0000

>I agree but what I was thinking at the time if I'm reciving user input
to
>a
>program wich uses strlen I might be vonerable to buffer overflow attacks=

>(But
>that has been cleard up) and ofcourse in most cases you know the length
of
>a
>string you are using (exept when you are dealing with user input, wich
was
>the
>case in my porting effort.) And since I'm a pedant I think that interduc=
ing
>new
>non-standard functions is not an option so I think I will have to
>"turn-my-brain-on" as I mentioned in a previous post.
>
>Anyways thanks for the replays.

I completely agree. Solutions like that (non standard wrappers, run time
checking, etc. etc.) ading overhead and could give a false sense of 'secu=
rity';
security is a state of mind, if you don't care about your code you can't
reach really security.

my 2 cents

rookie