Re: strcpy versus strncpy

Wietse Venema (wietse@PORCUPINE.ORG)
Tue, 03 Mar 1998 19:09:21 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mark Walker: "Re: strcpy versus strncpy"
Previous message: Ben Laurie: "Re: strcpy versus strncpy"
Maybe in reply to: Morten Welinder: "strcpy versus strncpy"
Next in thread: Mark Walker: "Re: strcpy versus strncpy"

Kragen:
> Well, the question is, what do you do with strings that are too long? Do
> you (a) dynamically allocate memory for them, (b) silently truncate them,
> (c) return an error, or (d) let them overflow your buffers and crash your
> program in interesting and possibly-exploitable ways?
> [...]
> I think that (c) is better -- as you said -- in situations where there
> is the potential for DoSes.
>
> strncpy, strncat, snprintf, et al., don't support (c) very well. Small
> wrapper functions to do (c) (much like djb's stralloc functions, which
> support (a), used throughout qmail) would greatly facilitate it.

Wietse's VMailer (www.vmailer.org) MTA uses a different approach:
string lengths are limited upon entry, and the number of instances
of any object is limited as well. The limits are generous enough
that they do not get in the way of normal operation. Because of
these limits, the programs can use straightforward (a) style memory
allocation without nasty unbounded memory allocation problems.

Wietse

Next message: Mark Walker: "Re: strcpy versus strncpy"
Previous message: Ben Laurie: "Re: strcpy versus strncpy"
Maybe in reply to: Morten Welinder: "strcpy versus strncpy"
Next in thread: Mark Walker: "Re: strcpy versus strncpy"