At 12:15 AM +0200 7/16/99, Sheldon Hearn wrote:
>[Hijacked from freebsd-security]

For those who missed the original article, here's the initial topic (from Paul Hart, but truncated a bit):

   I was just reviewing the proceedings from the USENIX 1999 Annual
   Technical Conference where Todd Miller and Theo de Raadt presented a
   paper on two new functions that OpenBSD has integrated into libc.
   The new functions, strlcpy(3) and strlcat(3), are intended to provide
   an easily understood means of safe string copying and concatenation
   to programmers. I was impressed by the paper and wondered if anyone
   besides myself would be amenable to including them in FreeBSD's libc.

   If you are a USENIX member you can access the text of the paper at:
   http://www.usenix.org/events/usenix99/millert.html

   (or check:)
   Paper: http://www.openbsd.org/papers/strlcpy-paper.ps
   Slides (worth looking at too): http://www.openbsd.org/papers/strlcpy-slides.ps

In reply to that, I mentioned some routines that I have been meaning to write, to address what I saw as the problems with using strncat and strncpy (before I had heard of the strl* routines). Sheldon is arguing against the routines I was talking about, not the strl* routines that Paul referred to...

>On Thu, 15 Jul 1999 17:33:29 -0400, Garance A Drosihn wrote:
>> What I wanted to do was have "estr" routines, where the
>> destination is specified as the starting point and the
>> ending point of the area available for the string (as two
>> parameters). The routines would return the position of
>> the current string-terminator. So you could do things like:
>
> As I understand it, the goal here is to return to the caller
> the number of bytes copied (however you represent it), so
> that the caller can easily determine whether or not it is
> safe for operations demanding a null-terminated string.

Um, no. That certainly was not my intention with the estr* ideas... It was noticed as a side-effect of what I ended up with, but it wasn't the main objective.

> And since the prototypes for fooncpy and fooncat above match
> exactly those of the proposed strlcpy and strlcat respectively
> (just had a look before I "hit the send button"), I'd say that
> the latter two are definitely the functions you want.

Well, they aren't exactly the functions *I* would want, but that isn't really the point. I do think the strl* routines are a good idea to have. I would like to see them included in "standard C" (or at least FreeBSD), because they are better (IMO) than using strncat and strncpy to avoid buffer overflows. Even looking over my OWN code, I come across times that I've used strncat or strncpy wrong.

So, while I still SLIGHTLY prefer my estr* ideas over the strl* ideas, it isn't enough that I would argue against the strl* routines being standard. (and the more platforms that have them, the better).

---
Garance Alistair Drosehn     =   g...@eclipse.acs.rpi.edu
Senior Systems Programmer    or  dro...@rpi.edu
Rensselaer Polytechnic Institute

To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
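The strlcpy/strlcat semantics discussed in this thread, as an added example that is not part of the original message and not OpenBSD's libc code: the two routines always NUL-terminate and return the length they tried to produce, so the caller checks `result >= size` for truncation, which the strncpy helper beside them shows is exactly the check strncpy cannot offer. The 16-byte buffer and the `*_status` helper names are chosen for the demonstration.

```c
#include <stddef.h>
#include <string.h>

/* Added example (not code from the thread or OpenBSD libc): strlcpy/strlcat
 * with the paper's semantics: always NUL-terminate when size > 0, and return
 * the length of the string attempted, so a result >= size means truncation. */
size_t example_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';                       /* unconditional terminator */
    }
    return srclen;
}
size_t example_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0;
    while (dlen < size && dst[dlen] != '\0') /* bounded scan, like strnlen */
        dlen++;
    if (dlen == size)                        /* dst itself is unterminated */
        return size + strlen(src);
    return dlen + example_strlcpy(dst + dlen, src, size - dlen);
}
/* Copy src into a 16-byte buffer (size chosen for the demo). Bit 0 of the
 * result: buffer holds a proper C string; bit 1: truncation was reported. */
int strlcpy_status(const char *src)
{
    char buf[16];
    size_t r = example_strlcpy(buf, src, sizeof buf);
    int terminated = memchr(buf, '\0', sizeof buf) != NULL;
    return terminated | ((r >= sizeof buf) << 1);
}
/* The classic strncpy pitfall: when strlen(src) >= size no NUL is written,
 * so the buffer is not a C string. Returns 1 if a terminator is present. */
int strncpy_status(const char *src)
{
    char buf[16];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}
/* Copy a then append b into a 16-byte buffer; returns strlcat's result. */
size_t strlcat_status(const char *a, const char *b)
{
    char buf[16];
    example_strlcpy(buf, a, sizeof buf);
    return example_strlcat(buf, b, sizeof buf);
}
```

With a 16-character source, strncpy_status() reports an unterminated buffer while strlcpy_status() still yields a terminated string and flags the truncation.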