Date: Fri, 11 Jan 2002 00:22:21 +0200 From: Valentin Nechayev <netch@iv.nn.kiev.ua> To: tech@openbsd.org, hackers@freebsd.org Subject: strlcat manpage Message-ID: <20020111002221.A571@iv.nn.kiev.ua>
next in thread | raw e-mail | index | archive | help
There was a fresh discussion in some maillists (security-audit, glibc-alpha) of strlcpy() and strlcat() in context of possible inclusion to glibc. Among others, the question was spoken that strlcat manpage contains a dark moment of strlcat() return value. One should agree with affirmation that strlcat() must not check characters after dst[size-1], the first reason is that memory block can end here; but, James Antill reported that Sun programmers lost their mind and checks full length of dst as a source nul-terminated string. (I didn't check his report.) In this context, I think the following patch should be applied to provide explicit clarification of this moment and full accordance with source code. --- strlcpy.3.0 Thu Jan 10 23:24:42 2002 +++ strlcpy.3 Thu Jan 10 23:48:22 2002 @@ -114,11 +114,9 @@ .Fa src . For .Fn strlcat -that means the initial length of -.Fa dst -plus -the length of -.Fa src . +that means min(size, strlen(dst)) + strlen(src) (but, +.Fn strlcat +never reads memory after dst[size-1]). While this may seem somewhat confusing it was done to make truncation detection simple. .Sh EXAMPLES /netch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020111002221.A571>