[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] strncpy(3), die, die, die.

From: Todd C. Miller
Subject: Re: [Nmh-workers] strncpy(3), die, die, die.
Date: Mon, 24 Oct 2016 13:11:09 -0600

On Mon, 24 Oct 2016 18:59:36 -0000, P Vixie wrote:

> Copy or die, as the default behavior.
> Silent truncation should require explicit coding.
> Strlcpy is completely bogus.

Both snprintf() and strlcpy() make it fairly easy to detect whe the
buffer was too small, which is more than I can say for strncpy().
It is up to the programmer to actually check the return value.

That said, I certainly agree that proceeding with a truncated buffer
is the wrong thing to do.  Many (but not all) systems these days
provide asprintf() which dynamically allocates its buffer which can
solve a lot of these problems.
 - todd

reply via email to

[Prev in Thread] Current Thread [Next in Thread]