Date: Thu, 15 Jul 1999 11:11:22 -0600 From: Brett Glass <brett@lariat.org> To: Paul Hart <hart@iserver.com>, freebsd-security@FreeBSD.ORG Subject: Re: OpenBSD's strlcpy(3) and strlcat(3) Message-ID: <4.2.0.58.19990715110902.044e7cc0@localhost> In-Reply-To: <Pine.BSF.3.96.990715102711.19105A-100000@anchovy.orem.iser ver.com>
next in thread | previous in thread | raw e-mail | index | archive | help
When I met him at Def Con, Mike Smith pooh-poohed Theo's presentation. I've looked it over on my own, however, and think that Theo has some good points. In particular, the notion that one should be able to detect and react to unexpected truncation of a string is a good one. I'd like to see these functions in FreeBSD's standard libraries, and to see them used in FreeBSD's kernel and userland. --Brett At 10:47 AM 7/15/99 -0600, Paul Hart wrote: >I was just reviewing the proceedings from the USENIX 1999 Annual Technical >Conference where Todd Miller and Theo de Raadt presented a paper on two >new functions that OpenBSD has integrated into libc. The new functions, >strlcpy(3) and strlcat(3), are intended to provide an easily understood >means of safe string copying and concatenation to programmers. Of course, >strcpy(3) and strcat(3) have obvious dangers, but their standardized >intended replacements, strncpy(3) and strncat(3), suffer from some subtle >dangers as well that can trip up even experienced programmers. > >I was impressed by the paper and wondered if anyone besides myself would >be amenable to including them in FreeBSD's libc. Are there members of the >FreeBSD core and community that would be interested in importing these new >functions? The semantics of strncpy(3) and strncat(3) have struck me as >warts on the C standard for some time. I'm not sure what debate took >place on the standardization committee, but whatever it was seems to have >produced some strange results. > >If you are a USENIX member you can access the text of the paper at: > > http://www.usenix.org/events/usenix99/millert.html > >Paul Hart > >-- >Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. >hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.58.19990715110902.044e7cc0>