Ethereal-dev: Re: [Ethereal-dev] strcpy harmful, what?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Sat, 22 Oct 2005 18:30:10 +1000
Guy Harris wrote:
> Rich Coe wrote:
> 
>> I think that replacing strcpy with a library function that (eventually)
>> calls strcpy (strncpy)
> 
> 
> If any snprintf-like function calls strcpy() on %s strings, it's buggy,
> so that probably should be stated as "that (eventually) calls strncpy or
> strlcpy".  Replacing calls to strcpy() or strcat() is neither pointless
> nor stupid unless the calls in question have done *correct* bounds
> checking already, and it's probably a bit error prone either to
> 
>     1) require that the bounds checks be done correctly (as you have to
> check how much space is left in the string)
> 
> or even
> 
>     2) require that they be done at all.
> 
> One might argue that using strlcpy() and strlcat() would be better than
> using snprintf() or g_snprintf(); to do that, we'd have to supply our
> own strlcpy() and strlcat() if the platform for which we're building
> doesn't have them.

So include it (unless you have a problem with the BSD-style license),
and let configure decide if it needs to be compiled. Quote:

Availability

The source code for strlcpy() and strlcat() is available free of charge
and under a BSD-style license as part of the OpenBSD operating system.
You may also download the code and its associated manual pages via
anonymous ftp from ftp.openbsd.org in the directory
/pub/OpenBSD/src/lib/libc/string. The source code for strlcpy() and
strlcat() is in strlcpy.c and strlcat.c. The documentation (which uses
the tmac.doc troff macros) may be found in strlcpy.3.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who