[patch] abuse of strncpy
Peter Kjellerstedt
peter.kjellerstedt at axis.com
Fri Jun 2 08:48:32 PDT 2006
> -----Original Message-----
> From: busybox-bounces at busybox.net
> [mailto:busybox-bounces at busybox.net] On Behalf Of Tito
> Sent: Friday, June 02, 2006 14:20
> To: busybox at busybox.net; wharms at bfs.de
> Subject: Re: [patch] abuse of strncpy
>
> On Friday 2 June 2006 10:07, walter harms wrote:
> > Hi Erik good catch,
> > if you are concerned about security why not use strlcpy() or a bb
> > supplied bb_strlcpy() if it's not available?
>
> Hi,
> In libbb we have it ;-)
>
> /* Like strncpy but make sure the resulting string is always
>  * 0 terminated. */
> char * safe_strncpy(char *dst, const char *src, size_t size)
> {
>     dst[size-1] = '\0';
>     return strncpy(dst, src, size-1);
> }

Is it just me who finds the name safe_strncpy() somewhat misleading
when looking at its implementation? What if size == 0?

I would suggest it is changed to the following:

char * safe_strncpy(char *dst, const char *src, size_t size)
{
    if (!size) {
        return dst;
    } else {
        dst[size-1] = '\0';
        return strncpy(dst, src, size-1);
    }
}

And on the related subject of renaming the above function to
bb_strlcpy(), that would be totally misleading, as strlcpy() has
totally different semantics and functionality.

//Peter
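
The two points of the message above, as an added example that is not part of the original post or of BusyBox's code: the size == 0 guard, and the difference between this function and strlcpy(). demo_strlcpy and zero_size_is_harmless are hypothetical names; demo_strlcpy is written here to follow BSD strlcpy() semantics, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* The guarded version proposed in the message above. */
char *safe_strncpy(char *dst, const char *src, size_t size)
{
    if (!size)
        return dst;    /* no room: never evaluate dst[size-1] */
    dst[size - 1] = '\0';
    return strncpy(dst, src, size - 1);
}

/* demo_strlcpy (hypothetical name) follows BSD strlcpy() semantics: copy at
 * most size-1 bytes, terminate if size > 0, do not NUL-pad the rest, and
 * return strlen(src) so the caller can detect truncation. */
size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Returns 1 if a size of 0 leaves the memory around dst untouched. */
int zero_size_is_harmless(void)
{
    char mem[4] = { 'A', 'B', 'C', 'D' };    /* constructed sample */
    safe_strncpy(mem + 1, "xyz", 0);
    return memcmp(mem, "ABCD", 4) == 0;
}

int main(void)
{
    char buf[4];
    size_t need = demo_strlcpy(buf, "busybox", sizeof buf);
    printf("strlcpy-style: \"%s\" truncated=%d\n", buf, need >= sizeof buf);
    printf("safe_strncpy:  \"%s\"\n", safe_strncpy(buf, "busybox", sizeof buf));
    printf("size 0 harmless: %d\n", zero_size_is_harmless());
    return 0;
}
```

Both calls leave "bus" in the buffer, but only the strlcpy-style return value tells the caller that the source did not fit.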