On Tue, Mar 03, 1998 at 01:31:24AM +0100, Morten Welinder wrote:
> A recent article on BugTraq suggested that using strcpy should
> almost always be considered a bug. That's not right. It is,
> in fact, the wrong way around: strncpy is almost always a bug.
>
> True, strncpy will avoid buffer overruns, but that only proves
> that strncpy is better than incorrect use of strcpy. The problem
> is that such use of strncpy can introduce problems of its own:

The correct function to use for avoiding buffer overruns would be
sancpy() - strcpy with abort on overflow. Too bad nothing has the
function available at the moment - it is on the list of possible
enhancements for FreeBSD.

The same goes for sanprintf().

Eivind.
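
The abort-on-overflow idea from the message above, sketched as an added example (not code from the post or from FreeBSD). The names sancpy() and sanprintf() come from the message; the signatures with an explicit destination size and the fork-based check that the process really dies with SIGABRT are assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for fork() and waitpid() */
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical sancpy(): copy src into dst (dstsize bytes incl. NUL) or abort. */
char *sancpy(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (len >= dstsize) abort();            /* no room for string plus NUL */
    memcpy(dst, src, len + 1);
    return dst;
}

/* Hypothetical sanprintf(): format into dst or abort instead of truncating. */
int sanprintf(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsize, fmt, ap);   /* n = length the output needs */
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsize) abort();
    return n;
}

/* Run an oversized copy in a child process; 1 if the child died with SIGABRT. */
int overflow_aborts(void)
{
    pid_t pid = fork();
    if (pid == 0) {
        char small[8];
        sancpy(small, sizeof small, "constructed input longer than 8");
        _exit(0);                           /* reached only if the check failed */
    }
    int status = 0;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void)
{
    char buf[16];
    sanprintf(buf, sizeof buf, "uid=%d", 1000);
    printf("%s, overflow aborts: %d\n", buf, overflow_aborts());
    return 0;
}
```

Unlike a silently truncating copy, both functions either produce the complete, NUL-terminated string or stop the process at the point of the overflow.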
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:40 PDT