This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
Re: [libc-alpha] Re: [open-source] Re: Wish for 2002
> Date: Tue, 08 Jan 2002 16:59:10 -0600
> From: Francois Leclerc <leclerc@austin.sns.slb.com>
>
> What shocked me was that a 2001 article was still quoting 36 occurrences
> of "strcpy" in a subset of glibc affecting 900+ places.
> http://www.linuxdevices.com/eljonline/issue06/5457s1t.html
strcpy can be used perfectly safely, with no vulnerabilities whatsoever.
Its use in glibc does not mean there are any vulnerabilities in glibc.
It would be a mistake to rewrite glibc to use strlcpy instead of strcpy,
as that would make the code bigger, slower, and harder to read.
Also, I suspect that such a rewrite wouldn't fix a single security hole.
(If I'm wrong, please correct me.)
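
Added example, not part of the original message and not glibc code: a C sketch of the pattern under discussion, where strcpy writes into a destination sized from the measured source lengths, next to a bounded copy with strlcpy semantics whose return value has to be checked to notice truncation. The names join_path, bounded_copy and copy_checked are hypothetical, and the sample paths are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: joins dir and name with '/'. The destination is
   allocated from the measured lengths, so each strcpy fits by construction. */
char *join_path(const char *dir, const char *name)
{
    size_t dlen = strlen(dir);
    size_t nlen = strlen(name);
    char *out = malloc(dlen + 1 + nlen + 1);   /* dir + '/' + name + NUL */
    if (out == NULL)
        return NULL;
    strcpy(out, dir);                /* writes dlen + 1 bytes */
    out[dlen] = '/';                 /* overwrites the NUL just written */
    strcpy(out + dlen + 1, name);    /* writes nlen + 1 bytes */
    return out;
}

/* Hypothetical stand-in with strlcpy semantics: copies at most size - 1
   bytes, NUL-terminates when size > 0, and returns strlen(src). */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Returns 1 if src fit in dst, 0 if it was truncated. Without this check
   the caller silently continues with a shortened string. */
int copy_checked(char *dst, const char *src, size_t size)
{
    return bounded_copy(dst, src, size) < size;
}

int main(void)
{
    char buf[8];
    char *p = join_path("/usr/lib", "libc.so.6");   /* constructed input */
    if (p == NULL)
        return 1;
    printf("joined: %s\n", p);
    printf("fits in buf: %d (buf now \"%s\")\n",
           copy_checked(buf, p, sizeof buf), buf);
    free(p);
    return 0;
}
```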