Re: strcpy versus strncpy

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Michael Ballbach: "updatedb: sort patch"
• Previous message: Willy TARREAU: "Universal Wrapper"
• Maybe in reply to: Morten Welinder: "strcpy versus strncpy"
• Next in thread: Aleph One: "Re: strcpy versus strncpy"

Well, the question is, what do you do with strings that are too long? Do
you (a) dynamically allocate memory for them, (b) silently truncate them,
(c) return an error, or (d) let them overflow your buffers and crash your
program in interesting and possibly-exploitable ways?

M. W.'s point was that (b), which is strncpy's default behavior, is bad,
and (a) is better.

Your point is that (c) is better than (a), because (1) dynamically
allocating memory is error-prone and (2) dynamically allocating memory
is an opening for DoS atacks.

I think that either (a) or (c) is better than either (b) or (d). I
don't think anyone will disagree.

I do think that (b) is better than (d).

I think that (c) is better -- as you said -- in situations where there
is the potential for DoSes.

strncpy, strncat, snprintf, et al., don't support (c) very well. Small
wrapper functions to do (c) (much like djb's stralloc functions, which
support (a), used throughout qmail) would greatly facilitate it.

The checking required to make the s*n* functions do (c) instead of (b)
is roughly analogous to the checking required to make the s* functions
do (c) instead of (d).

Kragen

• Next message: Michael Ballbach: "updatedb: sort patch"
• Previous message: Willy TARREAU: "Universal Wrapper"
• Maybe in reply to: Morten Welinder: "strcpy versus strncpy"
• Next in thread: Aleph One: "Re: strcpy versus strncpy"