This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.

Re: [open-source] Re: Wish for 2002 ...

On Jan 11, 2002, Valentin Nechayev <netch@iv.nn.kiev.ua> wrote:

> requires programmer to keep real buffer size in sight.

That's the error in the approach. As written before, the GNU project
recommends programs to avoid arbitrary limitations such as fixed-size
buffers. So strlcat/cpy are contrary to the GNU way.

> Unless C were muted to support reliable strings, at least similar to
> C++ std::string class, programmers will use dangerous strcpy/strcat
> stuff and make errors in this use.

If that's what programmers will use, what's the point of adding
strlcpy/cat? :-P :-D

> that matters it helps against bugs

Against buffer overflow bugs, no more. And it will help introduce
another class of bugs that fixed-size buffers will never be able to
overcome.

One approach I like very much is that of stralloc, that I first saw in
Amanda code. Concatenating multiple strings into a newly-allocated
buffer created with the right size is as simple as stralloc(string1,
string2, ..., NULL);

It's an unfortunate thing that, if the NULL is left out, you'll not
get a hard error at compile time, and if the chunk of code isn't
exercised very often, you may end up with an exploitable run-time
crash. I still find this better than being connected to
ahost.mysite.com instead of ahost.mysite.com.br just because the
implementor chose a 24-byte buffer and used strlcat to concat
"http://" to the FQDN host name.

--
Alexandre Oliva Enjoy Guarana', see http://www.ic.unicamp.br/~oliva/
Red Hat GCC Developer aoliva@{cygnus.com, redhat.com}
CS PhD student at IC-Unicamp oliva@{lsd.ic.unicamp.br, gnu.org}
Free Software Evangelist *Please* write to mailing lists, not to me
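
The two behaviours contrasted in the message above, as an added example that is not part of the original message and is not Amanda's code. `bounded_concat` and `concat_alloc` are hypothetical names; `snprintf` stands in for strlcat-style truncation, and the `sentinel` attribute is a GCC/Clang extension assumed to be available.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical strlcat-style join into a fixed buffer: truncates silently and
   returns the length the full result needed, which the caller must check. */
static size_t bounded_concat(char *dst, size_t cap, const char *a, const char *b)
{
    int n = snprintf(dst, cap, "%s%s", a, b);
    return n < 0 ? 0 : (size_t)n;
}

/* Hypothetical stralloc-like helper (not Amanda's code): joins a
   NULL-terminated argument list into a buffer of exactly the right size.
   The sentinel attribute lets GCC/Clang warn when the final NULL is missing. */
__attribute__((sentinel))
static char *concat_alloc(const char *first, ...)
{
    va_list ap;
    size_t len = 0;
    const char *s;
    va_start(ap, first);          /* first pass: measure */
    for (s = first; s != NULL; s = va_arg(ap, char *))
        len += strlen(s);
    va_end(ap);
    char *out = malloc(len + 1), *p = out;
    if (out == NULL)
        return NULL;
    va_start(ap, first);          /* second pass: copy */
    for (s = first; s != NULL; s = va_arg(ap, char *)) {
        size_t n = strlen(s);
        memcpy(p, s, n);
        p += n;
    }
    va_end(ap);
    *p = '\0';
    return out;                   /* caller frees */
}

int main(void)
{
    char buf[24];  /* the 24-byte buffer from the message */
    size_t need = bounded_concat(buf, sizeof buf, "http://", "ahost.mysite.com.br");
    char *full = concat_alloc("http://", "ahost.mysite.com.br", (char *)NULL);
    printf("fixed: %s (truncated: %s)\nsized: %s\n", buf,
           need >= sizeof buf ? "yes" : "no", full ? full : "(allocation failed)");
    free(full);
    return 0;
}
```

A return value from `bounded_concat` that is greater than or equal to the buffer size is the only signal that the host name was cut; code that ignores it proceeds with the shortened name.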