nmh-workers

Re: [Nmh-workers] OpenBSD added to the buildbot cluster


From: Todd C. Miller
Subject: Re: [Nmh-workers] OpenBSD added to the buildbot cluster
Date: Tue, 17 Dec 2013 16:53:21 -0700

On Sun, 15 Dec 2013 21:34:04 -0800, Paul Vixie wrote:

> my gripe with strlcat, strlcpy, and similar is silent truncation. the
> openbsd team once sent me a huge block of diffs for bind8, altering
> every strcpy to strlcpy, and so on. i rejected it, since silent
> truncation is no less wrong than overflowing an array would be, and no
> less likely to result in a security vulnerability. i did my own audit,
> modifying some occurrences of strcat by prepending them with:

Actually, strlcpy and strlcat make it easier to detect truncation
since they return the total number of bytes needed for the string.
It's basically the same as with snprintf().  Here's an example from
the man page:

   char *dir, *file, pname[PATH_MAX];

   ...

   if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
           goto toolong;
   if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname))
           goto toolong;

I'll assert that using the return value is less error-prone than
doing the check first since there is no arithmetic involved and it
is more likely for the checked value to stay in sync with the size
parameter.

It's unfortunate that some people using strlcpy/strlcat don't use
the return value but the same is true of snprintf().  It's not the
fault of the API...

 - todd
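The man-page pattern Todd quotes, carried through as a complete program that contrasts it with the misuse Vixie objects to. This is an added example, not code from the thread, from nmh or from OpenBSD: my_strlcpy/my_strlcat are local re-implementations written to the documented OpenBSD return-value semantics (named with a my_ prefix so the file also builds on a libc that lacks strlcpy/strlcat); join_path, join_path_silent, join_path_snprintf, the "/" separator and the sample paths are constructed for illustration and are not from the original message.

```c
#include <stdio.h>
#include <string.h>

/*
 * Local re-implementations with the documented OpenBSD semantics
 * (assumption: named my_* so the example also builds where libc has no
 * strlcpy/strlcat). Both return the length of the string they *tried*
 * to create: strlen(src) for copy, strlen(dst)+strlen(src) for cat.
 * So "return value >= size" means the result was truncated.
 */
static size_t my_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t slen = strlen(src);

    if (dsize != 0) {
        size_t n = slen < dsize - 1 ? slen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';          /* always NUL-terminated when dsize > 0 */
    }
    return slen;
}

static size_t my_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0;
    size_t slen = strlen(src);
    size_t room, n;

    /* bounded strlen(dst): never read past dsize */
    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dsize)          /* dst was not terminated within dsize */
        return dsize + slen;

    room = dsize - dlen - 1;
    n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/*
 * The man-page pattern, with a "/" separator added: each call's return
 * value is compared against the same size argument it was given, with
 * no arithmetic. Returns 1 on success, 0 if the path would not fit
 * (pname is then truncated but NUL-terminated; callers must not use it).
 */
static int join_path(char *pname, size_t psize, const char *dir, const char *file)
{
    if (my_strlcpy(pname, dir, psize) >= psize)
        return 0;
    if (my_strlcat(pname, "/", psize) >= psize)
        return 0;
    if (my_strlcat(pname, file, psize) >= psize)
        return 0;
    return 1;
}

/* The misuse Vixie objects to: return values discarded, truncation silent. */
static void join_path_silent(char *pname, size_t psize, const char *dir, const char *file)
{
    my_strlcpy(pname, dir, psize);
    my_strlcat(pname, "/", psize);
    my_strlcat(pname, file, psize);
}

/* The same check with snprintf(): same idiom, same comparison. */
static int join_path_snprintf(char *pname, size_t psize, const char *dir, const char *file)
{
    int n = snprintf(pname, psize, "%s/%s", dir, file);
    return n >= 0 && (size_t)n < psize;
}

int main(void)
{
    char pname[16];             /* deliberately small to force truncation */

    if (join_path(pname, sizeof(pname), "/etc", "passwd"))
        printf("ok:        %s\n", pname);

    if (!join_path(pname, sizeof(pname), "/usr/local", "share/misc"))
        printf("too long:  refused (buffer holds \"%s\")\n", pname);

    join_path_silent(pname, sizeof(pname), "/usr/local", "share/misc");
    printf("silent:    %s  <- well-formed, NUL-terminated, and the wrong path\n", pname);

    if (!join_path_snprintf(pname, sizeof(pname), "/usr/local", "share/misc"))
        printf("snprintf:  refused as well\n");
    return 0;
}
```

The silent variant leaves "/usr/local/shar" in the buffer: properly terminated, no overflow, and naming a different file from the one intended, which is exactly why truncation has to be treated as an error rather than a safe outcome. The checked variant and the snprintf variant both reject it using the same comparison, which is the point of Todd's argument that the return value, not the API, is what decides whether truncation goes unnoticed.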

