Erich, Thank you. I do not know why developers still think that strncpy() is safe. It is better than strcpy() but not safer.
Pat > -----Original Message----- > From: iotivity-dev-bounces at lists.iotivity.org [mailto:iotivity-dev- > bounces at lists.iotivity.org] On Behalf Of Keane, Erich > Sent: Tuesday, May 19, 2015 6:27 PM > To: Light, John J > Cc: iotivity-dev at lists.iotivity.org > Subject: Re: [dev] coding tip .... and warning > > Thanks John! > > I've noticed a handful of those done incorrectly as well and have been fixing > them. > > The next fix that I'm working on is replacing all of our > strncpy/strcpy/strcat/strncat usages with a 'safe' version (or at least with > all > the troubles in 1 place!), so hopefully I'll get to fix most of them along the > way. > > > On Tue, 2015-05-19 at 22:24 +0000, Light, John J wrote: > > It is gratifying to see more use of length protected string copies, > > but is important that they be done properly. > > > > > > > > I don?t see any > > > > > > > > strcpy(to, from); > > > > > > > > but I do see more than one > > > > > > > > strncpy(to, from, strlen(from)); > > > > > > > > and > > > > > > > > strncpy(to, from, sizeof (from)); > > > > > > > > Both of these are equivalent to strcpy, and should be avoided. > > > > > > > > It is critical that the third argument of strncpy be the amount of > > storage in the first argument (the destination). > > > > > > > > I am correcting the ones I find. > > > > > > > > John Light > > > > Intel OTC OIC Development > > > > > > _______________________________________________ > > iotivity-dev mailing list > > iotivity-dev at lists.iotivity.org > > https://lists.iotivity.org/mailman/listinfo/iotivity-dev > > _______________________________________________ > iotivity-dev mailing list > iotivity-dev at lists.iotivity.org > https://lists.iotivity.org/mailman/listinfo/iotivity-dev
