On Fri, 22 Sep 2006 12:52:43 +0200, Siju George <[EMAIL PROTECTED]> wrote:
> I understand that the OpenBSD team has replaced strcpy() with
> strlcpy() in their tree.

It has not been replaced, there is just a warning.

> How did you people do it? Do we have to manually go to each place and
> make the change or is there any tool to automate the process?

strcpy is a common trap, as it relies on the implicit size of the target buffer, something that might be specified at a completely different location of the source code, if it is specified at all. So, whenever you are using strcpy, you are working with an implicit assumption that the target buffer is large enough. Check security mailing lists for how often people got this assumption wrong.

Using strlcpy, you have to explicitly specify the size of the target buffer, requiring you to think about your buffer size and to look up the exact value. This has the advantage that:

        - You have to think about it.
        - You have to explicitly state what you thought, enabling
          others to follow your thoughts.
        - The system can prevent the worst at run-time by truncating strings.

Of course, when you have to think then it means the system cannot do it for you.

Bernd
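
An added example, not part of the message above: the implicit-size assumption behind strcpy() next to an explicit, checked copy. The struct, the function names and the inputs are constructed for illustration, and copy_bounded() is a stand-in with strlcpy() semantics for systems whose libc does not provide strlcpy().

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with strlcpy() semantics (hypothetical name; where libc has
 * strlcpy(), call that directly). Copies at most size-1 bytes, always
 * NUL-terminates when size > 0, and returns strlen(src) so the caller
 * can detect truncation. */
static size_t copy_bounded(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

struct account {
    char name[8];   /* size declared here, far from the copy below */
    int  is_admin;  /* neighbour an unbounded strcpy() could overwrite */
};

/* Returns 0 on success, -1 if the input did not fit and was truncated. */
static int account_set_name(struct account *a, const char *input)
{
    /* strcpy(a->name, input) would silently assume input fits in 8 bytes.
     * sizeof a->name states that assumption and lets the copy enforce it. */
    if (copy_bounded(a->name, input, sizeof a->name) >= sizeof a->name)
        return -1;  /* truncated: name holds a valid but shortened string */
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    const char *inputs[] = { "bernd", "averylongusername" };  /* constructed */

    for (size_t i = 0; i < 2; i++) {
        int rc = account_set_name(&a, inputs[i]);
        printf("%-18s -> rc=%d name=\"%s\" is_admin=%d\n",
               inputs[i], rc, a.name, a.is_admin);
    }
    return 0;
}
```

Truncation keeps memory intact but still changes the data, so the return value has to be checked wherever a shortened string would be wrong (file names, user names, paths).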
