Thanks Erich! What's the purpose of <maxSrcSize>? I can imagine a few reasons so I'm not saying there isn't one, but I'm curious why you chose to use it. Several other attempts at "safe" strcpy() that I've looked at don't use <maxSrcSize>, I think giving the reasoning that it just gives another opportunity for developer error.

Also, do you have a detailed description we can discuss of the behavior of OICStrcpy()? For example:

1) Does it zero-fill <dest> out to <maxDestSize>?
2) What does it do if <maxDestSize> is less than <maxSrcSize>?
3) What does it do if <maxDestSize> is equal to <maxSrcSize>, but <src> is not NUL-terminated (NUL being the name for '\0')?
4) What does it do if <maxDestSize> is actually larger than the buffer pointed to by <dest>?
5) What does it do if <dest> and/or <src> are NULL?
6) What does it do if <dest> and/or <src> are not NULL, but are not accessible?
7) Where does it place the NUL character (e.g. is it at index <maxDestSize>-1, or <maxSrcSize>-1, or the NUL character location in src, whichever of these three is smaller)?
8) ... and anything else I forgot off the top of my head ;)

These are good behaviors to define in the API description so that folks like me know when to use and when not to use OICStrcpy(). I'm not trying to be a smart aleck, really! I've just got a vested interest in how this works since we are making heavy use of forced NUL-termination throughout our Security Resource Manager code, and I'd love to remove it in favor of a standardized approach.

Thanks,
Nathan

-----Original Message-----
From: Keane, Erich
Sent: Wednesday, May 20, 2015 4:07 PM
To: Heldt-Sheller, Nathan
Cc: Lankswert, Patrick; iotivity-dev at lists.iotivity.org; Light, John J
Subject: Re: [dev] coding tip .... and warning

I wasn't aware of those, but they are actually somewhat similar to what I was doing. I was leaning towards:

OICStrcpy(char* dest, size_t maxDestSize, const char* source, size_t maxSrcSize);

I was using strncpy_S from microsoft as my template. Additionally, I want to guarantee that it will append \0 in the last spot of the dest array.

-Erich

On Wed, 2015-05-20 at 23:02 +0000, Heldt-Sheller, Nathan wrote:
> Erich can you share what "safe" version you are using as a replacement? Are
> you aware of strlcpy and strlcat?
>
> Thanks,
> Nathan
>
> -----Original Message-----
> From: iotivity-dev-bounces at lists.iotivity.org
> [mailto:iotivity-dev-bounces at lists.iotivity.org] On Behalf Of
> Lankswert, Patrick
> Sent: Wednesday, May 20, 2015 12:55 PM
> To: Keane, Erich; Light, John J
> Cc: iotivity-dev at lists.iotivity.org
> Subject: Re: [dev] coding tip .... and warning
>
> Erich,
>
> Thank you. I do not know why developers still think that strncpy() is safe.
> It is better than strcpy() but not safer.
>
> Pat
>
> > -----Original Message-----
> > From: iotivity-dev-bounces at lists.iotivity.org [mailto:iotivity-dev-
> > bounces at lists.iotivity.org] On Behalf Of Keane, Erich
> > Sent: Tuesday, May 19, 2015 6:27 PM
> > To: Light, John J
> > Cc: iotivity-dev at lists.iotivity.org
> > Subject: Re: [dev] coding tip .... and warning
> >
> > Thanks John!
> >
> > I've noticed a handful of those done incorrectly as well and have
> > been fixing them.
> >
> > The next fix that I'm working on is replacing all of our
> > strncpy/strcpy/strcat/strncat usages with a 'safe' version (or at
> > least with all the troubles in 1 place!), so hopefully I'll get to
> > fix most of them along the way.
> >
> > On Tue, 2015-05-19 at 22:24 +0000, Light, John J wrote:
> > > It is gratifying to see more use of length protected string
> > > copies, but it is important that they be done properly.
> > >
> > > I don't see any
> > >
> > > strcpy(to, from);
> > >
> > > but I do see more than one
> > >
> > > strncpy(to, from, strlen(from));
> > >
> > > and
> > >
> > > strncpy(to, from, sizeof (from));
> > >
> > > Both of these are equivalent to strcpy, and should be avoided.
> > >
> > > It is critical that the third argument of strncpy be the amount of
> > > storage in the first argument (the destination).
> > >
> > > I am correcting the ones I find.
> > >
> > > John Light
> > > Intel OTC OIC Development
> > >
> > > _______________________________________________
> > > iotivity-dev mailing list
> > > iotivity-dev at lists.iotivity.org
> > > https://lists.iotivity.org/mailman/listinfo/iotivity-dev
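As an added C example (not IoTivity's OICStrcpy and not code from anyone in the thread): a hypothetical bounded_strcpy whose comment spells out answers to the questions Nathan raises, beside a check of the strncpy(to, from, strlen(from)) pattern John flags. The function name and its chosen semantics are assumptions, not the project's.

```c
#include <string.h>
#include <stdio.h>

/* Hypothetical bounded copy (not IoTivity's OICStrcpy) answering the thread's
 * questions: copies at most min(maxDestSize-1, maxSrcSize) chars, stops at the
 * first NUL in src (src need not be terminated), always writes a NUL right
 * after the copied chars, treats NULL src as "", returns the count copied or
 * (size_t)-1 when dest is NULL or maxDestSize is 0. It does not zero-fill the
 * rest of dest and cannot detect non-NULL but inaccessible pointers. */
size_t bounded_strcpy(char *dest, size_t maxDestSize,
                      const char *src, size_t maxSrcSize)
{
    if (dest == NULL || maxDestSize == 0) {
        return (size_t)-1;
    }
    size_t limit = maxDestSize - 1;           /* reserve one byte for the NUL */
    if (maxSrcSize < limit) {
        limit = maxSrcSize;
    }
    size_t n = 0;
    if (src != NULL) {
        while (n < limit && src[n] != '\0') {
            dest[n] = src[n];
            n++;
        }
    }
    dest[n] = '\0';                           /* never past index maxDestSize-1 */
    return n;
}

/* The pattern John Light flags: strncpy(to, from, strlen(from)) copies every
 * character but never writes a NUL, so `to` is left unterminated.
 * Returns 1 if a NUL ended up anywhere inside `to`, 0 otherwise. */
int strncpy_strlen_terminates(void)
{
    char to[16];
    const char *from = "0123456789";          /* constructed sample input */
    memset(to, 'X', sizeof to);               /* make sure no NUL is present */
    strncpy(to, from, strlen(from));
    return memchr(to, '\0', sizeof to) != NULL;
}

int main(void)
{
    char dest[8];
    size_t n = bounded_strcpy(dest, sizeof dest, "hello, world", 12);
    printf("copied %zu chars: \"%s\"; strncpy terminated: %d\n",
           n, dest, strncpy_strlen_terminates());
    return 0;
}
```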
