Re: snprintf and strlcpy
From: Bruce Korb
Subject: Re: snprintf and strlcpy
Date: Sun, 21 Sep 2008 09:50:06 -0700
On Sat, Sep 20, 2008 at 4:33 AM, Bruno Haible <address@hidden> wrote:
> Marc Espie wrote:
>> Even in GNU-style, even with careful coding, stuff like snprintf and strlcpy
>> is useful.
>>
>> Sooner or later, you make a mistake. Granted, people find it eventually,
>> but in the mean time, you have a security hole.
>
> I disagree with this: I never use snprintf, because I know it would truncate
Hi Bruno,
I disagree with "never". :) You don't always have the option to allocate your
buffer (unless you want to allocate and copy, then free).
``strncpy'' and ``snprintf'' are great tools for the purpose for which they were
designed, viz. fixing up programs that got hijacked with buffer overrun
exploits. Using them stops these exploits without requiring a deep understanding
of the code you are fixing up. Unfortunately, since then, they've been built
up in mythology as "silver bullets". You have rightly pointed out that they
are not.
Anyway, my tool box has an snprintf wrapper: snprintf_must_fit(). :)
I have found that to be useful.
Cheers - Bruce
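
A wrapper of the kind mentioned in the message above, as an added example that is not part of the original post. Bruce Korb's own snprintf_must_fit() is not shown on the page, so the names fmt_fits and fmt_must_fit, their signatures, and the abort-on-truncation policy are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: format into buf and return the length written, or -1
 * if the output did not fit. On failure buf is set to "" so a silently
 * truncated string can never be used by mistake. */
static int vfmt_fits(char *buf, size_t size, const char *fmt, va_list ap)
{
    int n;
    if (buf == NULL || size == 0)
        return -1;
    n = vsnprintf(buf, size, fmt, ap);
    /* C99: n is the length the complete output needs, excluding the NUL,
     * so n >= size means vsnprintf truncated. n < 0 is an output error. */
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

/* Caller decides what to do about truncation. */
int fmt_fits(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vfmt_fits(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

/* Truncation is treated as a programming error: fail loudly, do not go on. */
int fmt_must_fit(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vfmt_fits(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        abort();
    return n;
}

int main(void)
{
    char path[16];  /* constructed sample: "/tmp/" plus a name that is too long */
    int n = fmt_fits(path, sizeof path, "/tmp/%s", "a-very-long-name");
    printf("%d \"%s\" (%zu)\n", n, path, strlen(path));
    return 0;
}
```

Plain snprintf would have left "/tmp/a-very-lon" in the buffer here, which is a valid string naming the wrong file.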