nmh-workers

Re: [Nmh-workers] OpenBSD added to the buildbot cluster

2013-12-15 23:34:39
my gripe with strlcat, strlcpy, and similar is silent truncation. the
openbsd team once sent me a huge block of diffs for bind8, altering
every strcpy to strlcpy, and so on. i rejected it, since silent
truncation is no less wrong than overflowing an array would be, and no
less likely to result in a security vulnerability. i did my own audit,
modifying some occurrences of strcat by prepending them with:

assert(strlen(x) + strlen(y) < sizeof z);

because if the code is wrong i want it dead, not continuing lobotomized.

my changes were not well taken by the openbsd team.

vixie

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
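
The three behaviours the message contrasts (silent truncation, the fail-stop assertion, and an explicit error return), as an added example that is not part of the original post. The helper names and the sample strings are constructed for illustration, and the truncating join emulates strlcpy/strlcat with snprintf so it builds where those functions are missing.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Truncating join in the style of strlcpy/strlcat (emulated with snprintf).
 * Returns the length the full result needed; z is silently cut to fit. */
static size_t join_truncating(char *z, size_t zsize, const char *x, const char *y)
{
    int n = snprintf(z, zsize, "%s%s", x, y);
    return n < 0 ? 0 : (size_t)n;
}

/* Fail-stop join: the assertion from the message, placed ahead of the copy.
 * assert() is compiled out under NDEBUG, so this only guards builds that
 * leave assertions enabled. */
static void join_or_die(char *z, size_t zsize, const char *x, const char *y)
{
    assert(strlen(x) + strlen(y) < zsize);
    strcpy(z, x);
    strcat(z, y);
}

/* Checked join (hypothetical helper): returns 0 on success, -1 if the result
 * does not fit, leaving z empty so a partial value cannot be used. */
static int join_checked(char *z, size_t zsize, const char *x, const char *y)
{
    size_t lx = strlen(x), ly = strlen(y);
    if (lx + ly >= zsize) {
        if (zsize > 0)
            z[0] = '\0';
        return -1;
    }
    memcpy(z, x, lx);
    memcpy(z + lx, y, ly + 1);   /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    char z[16];   /* constructed input below needs 22 characters, 15 fit */
    size_t need = join_truncating(z, sizeof z, "report-2013", ".quarantine");
    printf("truncating: \"%s\" (needed %zu)\n", z, need);
    printf("checked:    %d\n", join_checked(z, sizeof z, "report-2013", ".quarantine"));
    join_or_die(z, sizeof z, "report-2013", ".quarantine");   /* aborts here */
    return 0;
}
```

With the truncating join, the caller only learns that the suffix was cut if it compares the return value against the buffer size; the other two variants make the failure impossible to ignore.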
