From owner-freebsd-hackers Wed Feb 12 01:21:09 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA17905 for hackers-outgoing; Wed, 12 Feb 1997 01:21:09 -0800 (PST) Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id BAA17900 for ; Wed, 12 Feb 1997 01:21:06 -0800 (PST) Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id KAA29855; Wed, 12 Feb 1997 10:20:56 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.8.5/8.6.9) id JAA29311; Wed, 12 Feb 1997 09:54:52 +0100 (MET) Message-ID: Date: Wed, 12 Feb 1997 09:54:52 +0100 From: j@uriah.heep.sax.de (J Wunsch) To: danny@panda.hilink.com.au (Daniel O'Callaghan) Cc: hackers@freebsd.org Subject: Re: strlen() question References: X-Mailer: Mutt 0.55-PL10 Mime-Version: 1.0 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: ; from Daniel O'Callaghan on Feb 12, 1997 18:04:59 +1100 Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk As Daniel O'Callaghan wrote: > Below is the code for strlen() from libc. It is extremely simple, and > fast. Is it really safe to assume that strlen() will never exceed process > memory bounds before striking a '\0'? Or should there be a strnlen() > function in libc for checking the length of suspicious strings? Why? The worst that would happen by touching off the end of your address space is a SIGSEGV. The problem with str*cpy() touching beyond the bounds of their arrays is that they can _modify_ the stack then, but that can't happen with strlen() since it doesn't modify anything. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)