My gripe with strlcat, strlcpy, and similar is silent truncation. The
OpenBSD team once sent me a huge block of diffs for BIND 8, altering
every strcpy to strlcpy, and so on. I rejected it, since silent
truncation is no less wrong than overflowing an array would be, and no
less likely to result in a security vulnerability. I did my own audit,
modifying some occurrences of strcat by prepending them with:

    assert(strlen(x) + strlen(y) < sizeof z);

because if the code is wrong I want it dead, not continuing lobotomized.
My changes were not well taken by the OpenBSD team.
Nmh-workers mailing list
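The post above contrasts two ways of dealing with a destination buffer that is too small: a strlcat-style call that appends what fits and goes on, versus an assert that kills the program. The following is an added example, not code from the post or from BIND or OpenBSD. It implements a small strlcat-style append locally (so it builds on any libc), shows the concatenation the post's assert guards, and adds a third option for code that cannot abort: refuse and report, leaving the buffer untouched. The buffer contents and names (`z`, `y`, `run_demo`, the "/var/data/" path) are constructed for the demonstration.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Is there room to append y onto z (which already holds a string), NUL included?
 * This is exactly the condition the post's assert checks. */
int cat_fits(const char *z, const char *y, size_t zsize)
{
    return strlen(z) + strlen(y) < zsize;
}

/* The post's approach: a wrong length is a bug, so die rather than truncate. */
char *cat_or_die(char *z, const char *y, size_t zsize)
{
    assert(strlen(z) + strlen(y) < zsize);
    return strcat(z, y);
}

/* Alternative for code that must not abort: refuse and report instead of
 * truncating. On failure z is left exactly as it was, so the caller never
 * sees a half-built string. */
int cat_checked(char *z, const char *y, size_t zsize)
{
    size_t used = strlen(z), ylen = strlen(y);
    if (used >= zsize || ylen >= zsize - used) {
        return -1;                 /* would not fit: caller must handle it */
    }
    memcpy(z + used, y, ylen + 1); /* +1 copies the terminating NUL */
    return 0;
}

/* Minimal strlcat-style append, written here so the example does not depend
 * on a libc that ships strlcat: copies what fits, always NUL-terminates, and
 * returns the length it *tried* to produce. Truncation is visible only if
 * the caller compares that return value against the buffer size. */
size_t truncating_cat(char *z, const char *y, size_t zsize)
{
    size_t used = strlen(z), ylen = strlen(y);
    if (used >= zsize) {
        return zsize + ylen;       /* destination already full: nothing appended */
    }
    size_t room = zsize - used - 1; /* bytes available before the NUL */
    size_t n = ylen < room ? ylen : room;
    memcpy(z + used, y, n);
    z[used + n] = '\0';
    return used + ylen;
}

/* Constructed scenario: a 12-byte buffer holding "/var/data/" (10 chars) and
 * a caller appending "report.txt". Returns 1 when the behaviours are as
 * described: the truncating append quietly yields a different, shorter name
 * and signals it only through its return value, while the checked append
 * refuses and leaves the buffer untouched. */
int run_demo(void)
{
    char z[12];

    strcpy(z, "/var/data/");
    size_t want = truncating_cat(z, "report.txt", sizeof z);
    int truncated = want >= sizeof z;             /* 20 >= 12: only the return value says so */
    int changed = strcmp(z, "/var/data/r") == 0;  /* the program now holds a different name */

    strcpy(z, "/var/data/");
    int refused = cat_checked(z, "report.txt", sizeof z) == -1;
    int intact = strcmp(z, "/var/data/") == 0;    /* nothing half-appended */

    strcpy(z, "/var/");
    int ok = cat_checked(z, "data", sizeof z) == 0 && strcmp(z, "/var/data") == 0;

    return truncated && changed && refused && intact && ok;
}

int main(void)
{
    printf("demo %s\n", run_demo() ? "behaves as described" : "FAILED");
    return 0;
}
```

The point of `run_demo` is the middle line: after `truncating_cat` the program is still running, but with "/var/data/r" where it meant "/var/data/report.txt". Whether that is harmless depends entirely on what the string is used for next, which is why the post treats an unchecked truncation as no safer than the overflow it replaced. If a codebase does use strlcat or strlcpy, the return value has to be compared against the buffer size on every call, as `truncated` does here; `cat_or_die` and `cat_checked` are the two ways of making the failure impossible to ignore.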