On Mon, 24 Oct 2016 13:08:22 -0600, "Anthony J. Bentley" said:
P Vixie writes:Strlcpy is completely bogus.What's silent about strlcpy? Just check the return value against the size of the buffer.
He didn't say it was silent. He said it was bogus.
From the manpage: https://www.freebsd.org/cgi/man.cgi?query=strlcpy&sektion=3
The strlcpy() and strlcat() functions return the total length of the
string they tried to create. For strlcpy() that means the length of src.
For strlcat() that means the initial length of dst plus the length of
src. While this may seem somewhat confusing, it was done to make
truncation detection simple.
Note however, that if strlcat() traverses size characters without finding
a NUL, the length of the string is considered to be size and the
destination string will not be NUL-terminated (since there was no space
for the NUL). This keeps strlcat() from running off the end of a string.
In practice this should not happen (as it means that either size is
incorrect or that dst is not a proper ``C'' string). The check exists to
prevent potential security problems in incorrect code.
In other words - if the source string doesn't fit, it will create a
non-NULL-terminated destination string for you. Repeat that, slowly, until it
sinks in.
pgppyuadswaAR.pgp
Description: PGP signature
_______________________________________________ Nmh-workers mailing list Nmh-workers(_at_)nongnu(_dot_)org https://lists.nongnu.org/mailman/listinfo/nmh-workers