> In message <[EMAIL PROTECTED]> Mike Smith writes:
> : I still think this is the wrong way to deal with the problem. 8)
>
> We mildly disagree here. The strl* functions are the end all, be all
> of security. They are just designed to make the existing code that
> uses static buffers easy to make more robust w/o radically altering
> that code.
>
> Of course, strings have always been weak in 'C'. You make them static
> and they overflow. You malloc them, and often people forget to free
> them later leading to other problems...
With the addition of a "not" in your first paragraph, I actually think
we're in agreement here. I'm just maintaining that in most of the
in-tree cases where static buffers are used, a dynamic buffer would
have been a better design choice; you might want to disagree there too
of course. 8)
Regardless, we should definitely adopt these functions for no other
reason than portability, no argument there.
--
\\ The mind's the standard \\ Mike Smith
\\ of the man. \\ [EMAIL PROTECTED]
\\ -- Joseph Merrick \\ [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
