
Re: [Nmh-workers] OpenBSD added to the buildbot cluster

2013-12-17 17:53:53
On Sun, 15 Dec 2013 21:34:04 -0800, Paul Vixie wrote:

> my gripe with strlcat, strlcpy, and similar is silent truncation. the
> openbsd team once sent me a huge block of diffs for bind8, altering
> every strcpy to strlcpy, and so on. i rejected it, since silent
> truncation is no less wrong than overflowing an array would be, and no
> less likely to result in a security vulnerability. i did my own audit,
> modifying some occurrences of strcat by prepending them with:

Actually, strlcpy and strlcat make it easier to detect truncation
since they return the total number of bytes needed for the string.
It's basically the same as with snprintf().  Here's an example from
the man page:

   char *dir, *file, pname[PATH_MAX];

   if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
           goto toolong;
   if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname))
           goto toolong;

I'll assert that using the return value is less error-prone than
doing the check first since there is no arithmetic involved and it
is more likely for the checked value to stay in sync with the size.

It's unfortunate that some people using strlcpy/strlcat don't use
the return value but the same is true of snprintf().  It's not the
fault of the API...

 - todd
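The two approaches in this thread side by side, as an added example that is not part of the original mail or the nmh code base. It carries its own portable re-implementations of strlcpy/strlcat with the OpenBSD return-value contract (named with a local_ prefix so they do not collide with a libc that already ships them), then builds a path the way the man page excerpt does, once checking the return values and once ignoring them, so the silently truncated result Vixie objects to is visible next to the detected one. The "/" separator, the function names and the sample dir/file strings are this example's own choices.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable versions with the same contract as OpenBSD's strlcpy/strlcat:
 * the return value is the length of the string the call *tried* to build,
 * so a result >= dstsize means the output was truncated.  The local_
 * prefix is an assumption of this example, used only to avoid clashing
 * with a libc that already provides these functions. */
size_t local_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';              /* always NUL-terminated when dstsize > 0 */
    }
    return srclen;
}

size_t local_strlcat(char *dst, const char *src, size_t dstsize)
{
    size_t dstlen = 0;
    while (dstlen < dstsize && dst[dstlen] != '\0')
        dstlen++;
    if (dstlen == dstsize)          /* dst not terminated within dstsize */
        return dstsize + strlen(src);
    return dstlen + local_strlcpy(dst + dstlen, src, dstsize - dstlen);
}

/* Checked variant: the pattern from the man page, using only the return
 * values.  Returns 0 on success and -1 when the result would not fit
 * (the "toolong" branch), leaving no arithmetic for a caller to get wrong. */
int build_path(char *out, size_t outsz, const char *dir, const char *file)
{
    if (local_strlcpy(out, dir, outsz) >= outsz)
        return -1;
    if (local_strlcat(out, "/", outsz) >= outsz)
        return -1;
    if (local_strlcat(out, file, outsz) >= outsz)
        return -1;
    return 0;
}

/* Unchecked variant: what a mechanical strcpy->strlcpy rewrite yields when
 * the return values are dropped.  The buffer never overflows, but a too-short
 * buffer silently ends up holding a different path than the one requested. */
void build_path_silent(char *out, size_t outsz, const char *dir, const char *file)
{
    local_strlcpy(out, dir, outsz);
    local_strlcat(out, "/", outsz);
    local_strlcat(out, file, outsz);
}

int main(void)
{
    /* Constructed sample input: a directory that does not fit in 8 bytes. */
    const char *dir = "/usr/share", *file = "x";
    char small[8], big[64];

    if (build_path(small, sizeof small, dir, file) == -1)
        printf("checked:   truncation detected, nothing used\n");

    build_path_silent(small, sizeof small, dir, file);
    printf("unchecked: buffer holds \"%s\" instead of \"%s/%s\"\n", small, dir, file);

    if (build_path(big, sizeof big, dir, file) == 0)
        printf("checked:   \"%s\"\n", big);
    return 0;
}
```

With an 8-byte buffer the checked version reports failure, while the unchecked one quietly leaves "/usr/sh" behind: a well-formed string, within bounds, and pointing somewhere the caller never asked for. That is the failure mode the thread is about, and the single `>= sizeof(buf)` comparison on the return value is all it takes to catch it.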
