gnutls-devel

[sr #107522] Use of dangerous/banned functions


From: Jeffrey Walton
Subject: [sr #107522] Use of dangerous/banned functions
Date: Thu, 18 Nov 2010 03:21:44 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.04 (lucid) Firefox/3.6.12

Follow-up Comment #6, sr #107522 (project gnutls):

Hi Simon,

This statement needs a little more elaboration:

> So the policy [which I prefer] is "secure, robust, efficient, and portable
code."

== Secure ==

Here's the signature for a secure strcpy (less restricted pointers).
Obviously, the const on the pointers can be dropped but I prefer them until
otherwise.

Many folks don't care for it (especially if the function asserts), but it
fully specifies all parameters. It returns success, bad parameter, or
truncation.

errno_t safe_str_copy(char* const pDest, size_t nDest,
    const char* const pSrc, size_t nSrc, size_t nCount);

== Robust ==

For "robust", the project will have to determine what to do. I personally
think perror/exit is the least desired combination. But sometimes it's all you
have.

== Efficient ==
Make one pass, do things in less than (or equal to) O(n), and turn to the
native ASM memcpy (which should already be done).

== Portable ==
Use wrappers and (a) strcpy_s or StringCbCopy on Microsoft (b) strlcpy on BSD
and Solaris, and (c) memcpy on GNU systems.

Jeff


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107522>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
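The following is an added example, not code from the message above or from the GnuTLS project: one possible implementation of the safe_str_copy signature Jeff quotes, written to show the three outcomes he names (success, bad parameter, truncation) in a single pass over the source. The meaning of the size arguments is an assumption made here: nDest is the size of the destination buffer, nSrc bounds how far the source may be read, and nCount is the maximum number of characters to copy. The truncation code SAFE_STR_TRUNCATED and the typedef of errno_t (which glibc does not provide) are constructed for this example; the demo function and its inputs are likewise constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* errno_t comes from C11 Annex K; glibc does not define it, so supply it
 * locally (assumption for this example) when the Annex K macro is absent. */
#ifndef __STDC_LIB_EXT1__
typedef int errno_t;
#endif

/* Constructed return code for "copied, but the source did not fit". */
#define SAFE_STR_TRUNCATED 80

/* Copy at most nCount characters of pSrc (read no further than nSrc bytes)
 * into pDest (nDest bytes), always leaving pDest NUL-terminated.
 * Returns 0 on success, EINVAL on a bad parameter, SAFE_STR_TRUNCATED when
 * the copy had to stop early because pDest was too small. */
errno_t safe_str_copy(char* const pDest, size_t nDest,
    const char* const pSrc, size_t nSrc, size_t nCount)
{
    size_t i = 0;
    uintptr_t d0, d1, s0, s1;

    /* Bad parameter: null pointers or a destination with no room for NUL. */
    if (pDest == NULL || pSrc == NULL || nDest == 0)
        return EINVAL;

    /* Bad parameter: overlapping buffers (compared as integers to avoid
     * comparing pointers into distinct objects). Leave an empty string
     * behind so the caller never sees stale data. */
    d0 = (uintptr_t)pDest; d1 = d0 + nDest;
    s0 = (uintptr_t)pSrc;  s1 = s0 + nSrc;
    if (d0 < s1 && s0 < d1) {
        pDest[0] = '\0';
        return EINVAL;
    }

    /* Single pass: stop at NUL, at the caller's count, or at the source bound.
     * A source that is not NUL-terminated within nSrc is copied up to nSrc
     * bytes and then terminated, so reads never run past the source buffer. */
    while (i < nCount && i < nSrc && pSrc[i] != '\0') {
        if (i + 1 >= nDest) {      /* no room for this char plus the NUL */
            pDest[i] = '\0';
            return SAFE_STR_TRUNCATED;
        }
        pDest[i] = pSrc[i];
        i++;
    }
    pDest[i] = '\0';               /* i < nDest is guaranteed by the loop */
    return 0;
}

/* Exercise the three outcomes on constructed inputs.
 * Returns the number of checks that passed (4 when all behave as intended). */
int safe_str_copy_demo(void)
{
    char buf[8];
    const char src[] = "gnutls";   /* 6 characters plus NUL: sizeof src == 7 */
    int ok = 0;

    /* Success: everything fits. */
    if (safe_str_copy(buf, sizeof buf, src, sizeof src, sizeof src) == 0
        && strcmp(buf, "gnutls") == 0) ok++;

    /* Truncation: only 4 bytes of destination, so "gnu" plus NUL. */
    if (safe_str_copy(buf, 4, src, sizeof src, sizeof src) == SAFE_STR_TRUNCATED
        && strcmp(buf, "gnu") == 0) ok++;

    /* Bad parameter: null destination. */
    if (safe_str_copy(NULL, sizeof buf, src, sizeof src, 1) == EINVAL) ok++;

    /* Success with an explicit count shorter than the source: "gn". */
    if (safe_str_copy(buf, sizeof buf, src, sizeof src, 2) == 0
        && strcmp(buf, "gn") == 0) ok++;

    return ok;
}
```

The design point is the one the message makes: every argument is bounded, so the function can distinguish "the caller handed me nonsense" (EINVAL) from "the data was legitimate but did not fit" (SAFE_STR_TRUNCATED), and the caller decides what to do about each instead of the function calling perror/exit.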




reply via email to

[Prev in Thread] Current Thread [Next in Thread]