[Top] [All Lists]

Re: [Nmh-workers] OpenBSD added to the buildbot cluster

2013-12-15 23:34:39
my gripe with strlcat, strlcpy, and similar is silent truncation. the
openbsd team once sent me a huge block of diffs for bind8, altering
every strcpy to strlcpy, and so on. i rejected it, since silent
truncation is no less wrong than overflowing an array would be, and no
less likely to result in a security vulnerability. i did my own audit,
modifying some occurrences of strcat by prepending them with:

assert(strlen(x) + strlen(y) < sizeof z);

because if the code is wrong i want it dead, not continuing lobotomized.

my changes were not well taken by the openbsd team.


Nmh-workers mailing list

<Prev in Thread] Current Thread [Next in Thread>