| |||||||||||||
The ups and downs of strlcpy()The ups and downs of strlcpy()Posted Jul 20, 2012 20:31 UTC (Fri) by bronson (subscriber, #4806)In reply to: The ups and downs of strlcpy() by jimparis Parent article: The ups and downs of strlcpy()
Yes, but is libc told how the string is being used? No.
So what's the only safe thing for libc to do when it notices that initial conditions are invalid?
(Log in to post comments)
The ups and downs of strlcpy() Posted Jul 21, 2012 4:19 UTC (Sat) by cmccabe (guest, #60281) [Link]
libc can't "notice that the conditions are invalid," because C IS NOT A MANAGED LANGUAGE.
We all make copy and paste errors and all other things being equal, long, hard to inspect C code is less secure than short and clear code.
The ups and downs of strlcpy() Posted Jul 25, 2012 2:00 UTC (Wed) by bronson (subscriber, #4806) [Link]
You don't need a managed language to make strlcpy abort instead of truncating.
I agree with the rest of your comment.
|
|||||||||||||