Date: Wed, 11 Aug 2004 20:38:32 +0000 From: "Thordur Ivar B." <thib@mi.is> To: freebsd-hackers@freebsd.org Subject: Re: Where is strnlen() ? Message-ID: <20040811203832.728c915b.thib@mi.is> In-Reply-To: <20040811200323.GA37059@xor.obsecurity.org> References: <20040811193254.6f0be2c2.thib@mi.is> <20040811200323.GA37059@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 11 Aug 2004 13:03:23 -0700 Kris Kennaway <kris@obsecurity.org> wrote: > On Wed, Aug 11, 2004 at 07:32:54PM +0000, Thordur Ivar B. wrote: > > While porting software from a friend wich was developed under Linux, I > > stumbled upon an error: src/socket.c:236: warning: implicit declaration of > > function`strnlen' > > > > Now my programming experience is nothing to brag about but I wonder why > > strnlen is not a part of FreeBSD's libc. I think that the use of strlen() > > insted of strnlen() could resault in buffer-overflow risks and my fellows > > (most of them are more experienced in the art of programming say that bounds > > checking is always good.) > > That's not a standard function outside the Linux world, and it's not > very necessary for security..no matter how you calculate the string > size, you still have to have your brain engaged when you copy it into > the destination buffer. > > Kris > A notable point. Still I would think that strnlen is a pretty neat functions to avoid dumb mistakes (actually malformed code.) But since it is non-standard, I guess I will have to "turn my brain on" ;> Anyway thanks for the responses. kv, thib[att]mi(dot).is -- A man can do as he will, but not will as he will. -- Arthur Schopenhauer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040811203832.728c915b.thib>