acassis commented on code in PR #3059:
URL: https://github.com/apache/nuttx-apps/pull/3059#discussion_r2046764328
##########
canutils/slcan/slcan.c:
##########
@@ -137,8 +137,7 @@ static int caninit(char *candev, int *s, struct
sockaddr_can *addr,
syslog(LOG_ERR, "Error opening CAN socket\n");
return -1;
}
- strncpy(ifr.ifr_name, candev, 4);
- ifr.ifr_name[4] = '\0';
+ strlcpy(ifr.ifr_name, candev, IFNAMSIZ);
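Review bot: The return value of strlcpy() on the added line is discarded, so a candev longer than IFNAMSIZ - 1 is silently truncated and ifr.ifr_name ends up holding a different name than the one passed in. Check the result, for example `if (strlcpy(ifr.ifr_name, candev, IFNAMSIZ) >= IFNAMSIZ)`, then log and return -1 as the socket error path just above does. Using sizeof(ifr.ifr_name) as the bound would also tie the size to the destination buffer itself.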
Review Comment:
@xiaoxiang781216 do you think these BUGS reported in the man pages aren't a
concern:
```
BUGS
    All catenation functions share the same performance problem:
    Shlemiel the painter. As a mitigation, compilers are able to
    transform some calls to catenation functions into normal copy
    functions, since strlen(dst) is usually a byproduct of the
    previous copy.

    strlcpy(3) and strlcat(3) need to read the entire src string,
    even if the destination buffer is small. This makes them
    vulnerable to Denial of Service (DoS) attacks if an attacker can
    control the length of the src string. And if not, they're still
    unnecessarily slow.
```
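One way to address both the silent truncation in the hunk and the read-the-whole-source behaviour quoted from the man page, as an added example (not code from the PR or from NuttX). `copy_ifname` is a hypothetical helper, and the `IFNAMSIZ` fallback of 16 is an assumption so the block builds without `<net/if.h>`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef IFNAMSIZ
#  define IFNAMSIZ 16   /* assumed fallback; normally from <net/if.h> */
#endif

/* Hypothetical helper: copy an interface name into a fixed-size buffer.
 * Returns 0 on success, -1 if src is NULL, empty, or does not fit.
 * At most dstsize bytes of src are examined, so the cost is bounded by
 * the destination and not by the length of a caller-controlled string.
 */
static int copy_ifname(char *dst, size_t dstsize, const char *src)
{
  size_t len;

  if (dst == NULL || dstsize == 0)
    {
      return -1;
    }

  dst[0] = '\0';                 /* dst is a valid string on every path */
  if (src == NULL)
    {
      return -1;
    }

  /* Bounded length scan: stops at the NUL or after dstsize bytes */
  for (len = 0; len < dstsize && src[len] != '\0'; len++)
    {
    }

  if (len == 0 || len >= dstsize)
    {
      return -1;                 /* empty, or would have been truncated */
    }

  memcpy(dst, src, len + 1);     /* len + 1 copies the terminating NUL */
  return 0;
}

int main(void)
{
  char name[IFNAMSIZ];
  const char *inputs[] = { "can0", "can0-name-too-long-for-ifr" }; /* constructed */

  for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++)
    {
      printf("%s -> %d\n", inputs[i], copy_ifname(name, sizeof(name), inputs[i]));
    }

  return 0;
}
```

Rejecting an oversized name instead of truncating it keeps the caller from binding to an interface the user did not ask for.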