Re: strcpy versus strncpy

From: Eivind Eklund (eivindat_private)
Date: Tue Mar 03 1998 - 00:53:17 PST

Next message: Michael Ballbach: "updatedb: sort patch"

Previous message: Niall Smart: "Vulnerabilites in some versions of info2www CGI"
Maybe in reply to: Morten Welinder: "strcpy versus strncpy"
Next in thread: Kragen: "Re: strcpy versus strncpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 03, 1998 at 01:31:24AM +0100, Morten Welinder wrote:
> A recent article on BugTraq suggested that using strcpy should
> almost always be considered a bug.  That's not right.  It is,
> in fact, the wrong way around: strncpy is almost always a bug.
>
> True, strncpy will avoid buffer overruns, but that only proven
> that strncpy is better than incorrect use of strcpy.  The problem
> is that such use of strncpy can introduce problems of its own:

The correct function to use for avoiding buffer overruns would be
sancpy() - strcpy with abort on overflow.  Too bad nothing have the
function available at the moment - it is on the list of possible
enhancements for FreeBSD.  The same goes for sanprintf().

Eivind.

Next message: Michael Ballbach: "updatedb: sort patch"
Previous message: Niall Smart: "Vulnerabilites in some versions of info2www CGI"
Maybe in reply to: Morten Welinder: "strcpy versus strncpy"
Next in thread: Kragen: "Re: strcpy versus strncpy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:40 PDT