strlcpy

Posted Jun 12, 2003 3:51 UTC (Thu) by JoeBuck (subscriber, #2330)
Parent article: strlcpy

If you don't have a document anywhere, explaining these relatively small functions clearly enough so that any competent programmer can produce a correct implementation, there's a problem. "Just use our code" is OK, but doesn't really suffice for good security analysis unless you want everyone to do duplicate work.

Also, many common uses of strcpy are completely safe and more efficient than strlcpy. Removing every use is just superstition.


strlcpy

Posted Jun 12, 2003 7:46 UTC (Thu) by set (guest, #4788)

Linus claims to have maintained *BSD compatibility, though he
wrote the functions himself:

"Ok, I did my own versions, since (a) I had already started and your
patches wouldn't apply, and (b) I hate adding a zillion lines of extra
copyright notices for a 5-line function..."

(strlcat was added as well)

I don't think strcpy is the main target, as much as strncpy. Linus again:

"Yeah, "strncpy()" is a frigging disaster when it comes to '\0', in many
ways. We should probably disallow using strncpy(), and aim for a _sane_
implementation that does what we actually want (none of that zero-padding
crap, and _always_ put a NUL at the end). I bet that is what most current
strncpy() users actually would want."

A light grep of 2.5.70 shows many uses of strlcpy, strncpy, and strcpy
out there...

Paul
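
The strncpy() behaviour complained about in the quote above (no NUL on truncation, zero-padding of short copies), shown next to a copy routine that always terminates. This is an added example, not part of the original comments and not the kernel's or Linus's code; `ex_strlcpy` and `nul_bytes_after_copy` are hypothetical names, the former following BSD strlcpy semantics, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with BSD strlcpy semantics: copy at most size-1 bytes,
 * always NUL-terminate when size > 0, never pad, and return strlen(src) so
 * the caller can detect truncation (return value >= size). */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);

    if (size > 0) {
        size_t n = (len >= size) ? size - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Fill an 8-byte buffer with 'X', copy src into it with strncpy()
 * (use_strlcpy == 0) or ex_strlcpy() (use_strlcpy != 0), and count the NUL
 * bytes left in the buffer: 0 means unterminated, more than 1 means padding. */
size_t nul_bytes_after_copy(const char *src, int use_strlcpy)
{
    char buf[8];
    size_t i, nuls = 0;

    memset(buf, 'X', sizeof(buf));
    if (use_strlcpy)
        ex_strlcpy(buf, src, sizeof(buf));
    else
        strncpy(buf, src, sizeof(buf));
    for (i = 0; i < sizeof(buf); i++)
        nuls += (buf[i] == '\0');
    return nuls;
}

int main(void)
{
    const char *inputs[] = { "ab", "0123456789" };   /* constructed samples */
    size_t i;

    for (i = 0; i < 2; i++)
        printf("%-10s strncpy NULs=%zu  ex_strlcpy NULs=%zu\n", inputs[i],
               nul_bytes_after_copy(inputs[i], 0),
               nul_bytes_after_copy(inputs[i], 1));
    return 0;
}
```

A caller detects truncation by comparing the return value of `ex_strlcpy` against the destination size.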

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds