> In message <[email protected]> Mike Smith writes: > : I still think this is the wrong way to deal with the problem. 8) > > We mildly disagree here. The strl* functions are the end all, be all > of security. They are just designed to make the existing code that > uses static buffers easy to make more robust w/o radically altering > that code. > > Of course, strings have always been weak in 'C'. You make them static > and they overflow. You malloc them, and often people forget to free > them later leading to other problems...
With the addition of a "not" in your first paragraph, I actually think we're in agreement here. I'm just maintaining that in most of the in-tree cases where static buffers are used, a dynamic buffer would have been a better design choice; you might want to disagree there too of course. 8) Regardless, we should definitely adopt these functions for no other reason than portability, no argument there. -- \\ The mind's the standard \\ Mike Smith \\ of the man. \\ [email protected] \\ -- Joseph Merrick \\ [email protected] To Unsubscribe: send mail to [email protected] with "unsubscribe freebsd-hackers" in the body of the message
