Ethereal-dev: Re: [Ethereal-dev] What does the "maxlength" argument to "tvb_get_nstringz*" mea

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Timo Sirainen <tss@xxxxxx>
Date: 29 Apr 2003 18:57:12 +0300
On Tue, 2003-04-29 at 18:05, Gerald Combs wrote:
> > 	1) the maximum number of non-'\0' characters copied
> > 	2) the size of the buffer into which the string is being copied.
> I'm leaning towards 2), since it errs on the side of safety.

Yes, and that's the way most other string functions work (snprintf,
strlcpy, etc.).

> Of course, we could avoid the whole mess and use safer strings in the
> first place:
> 
>     http://developer.gnome.org/doc/API/glib/glib-strings.html

This would be even better, although I think it's a bit annoying having
to free the strings.

Here's a few other possibilities:

#define INIT_BUFFER(buf) { buf, sizeof(buf) }
char name_buf[256];
buffer_t name = INIT_BUFFER(name_buf);

buffer_append(&name, stuff, 200);
buffer_append(&name, stuff, 200); // fails.

Or with data stack (http://irccrew.org/~cras/security/data-stack.html)
you could skip the char name_buf[256] part.

http://irccrew.org/~cras/security/lib/ has existing pretty small safe
buffer implementation.