[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] OpenBSD added to the buildbot cluster

From: Paul Vixie
Subject: Re: [Nmh-workers] OpenBSD added to the buildbot cluster
Date: Sun, 15 Dec 2013 21:34:04 -0800
User-agent: Postbox 3.0.8 (Windows/20130427)

my gripe with strlcat, strlcpy, and similar is silent truncation. the
openbsd team once sent me a huge block of diffs for bind8, altering
every strcpy to strlcpy, and so on. i rejected it, since silent
truncation is no less wrong than overflowing an array would be, and no
less likely to result in a security vulnerability. i did my own audit,
modifying some occurrences of strcat by prepending them with:

assert(strlen(x) + strlen(y) < sizeof z);

because if the code is wrong i want it dead, not continuing lobotomized.

my changes were not well taken by the openbsd team.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]