On Sun, Mar 18, 2007 at 11:47:46AM -0500, [EMAIL PROTECTED] wrote:
> In the ports I maintain I usually silence all the str*/sprintf warnings
> by replacing them with strl* or snprintf. However in more than one port
> update I'm working on, I notice that the authors have chosen to do this
> rather than use strl*/strn*:
>
> [...]
> char kdir[ MAXPATHLEN ];
> [...]
> if ( strlen( path ) >= MAXPATHLEN ) {
>     fprintf( stderr, "%s: path too long\n", path );
>     exit( 2 );
> }
> strcpy( kdir, path );
> [...]
>
> So my question is: should I leave the above code alone, or
> is it preferred to always replace strcat/strcpy/sprintf with
> strlcat/strlcpy/snprintf (checking return values of course)?
>
> Thanks.

One large benefit of strlcpy is that it's hard to go wrong, and the code does not need to be looked at, thus giving you more time to fix other issues. The best practice is to try to convince the authors of the software to use strlcpy and snprintf, and to point them to the existing replacements in OpenBSD. In fact, it would make *a lot* of sense if someone were to produce some autoconf/automake macro that checks for strlcpy and friends, and automatically provides replacements if they're not there...
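
The pattern discussed in this thread, as an added example that is not part of the original message and not OpenBSD's code: a fallback with strlcpy semantics and a return-value check that replaces the quoted strlen()/strcpy() pair. The names `compat_strlcpy`, `set_kdir` and `KDIR_MAX` are hypothetical, and `KDIR_MAX` is a constructed small stand-in for `MAXPATHLEN`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KDIR_MAX 16  /* constructed small stand-in for MAXPATHLEN */

/* Hypothetical fallback with strlcpy semantics, for systems lacking it:
 * copies at most size-1 bytes, always NUL-terminates when size > 0,
 * and returns strlen(src) so the caller can detect truncation. */
static size_t compat_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = (srclen >= size) ? size - 1 : srclen;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Replacement for the strlen()/strcpy() pair: the bound comes from the
 * destination's own size, so the check cannot drift from the buffer.
 * Returns 0 on success, -1 if path would not fit. */
static int set_kdir(char *kdir, size_t kdir_size, const char *path)
{
    if (compat_strlcpy(kdir, path, kdir_size) >= kdir_size) {
        fprintf(stderr, "%s: path too long\n", path);
        return -1;
    }
    return 0;
}

int main(void)
{
    char kdir[KDIR_MAX];

    if (set_kdir(kdir, sizeof(kdir), "/var/db/sample") == 0)
        printf("kdir = %s\n", kdir);
    /* A 16-byte path does not fit with its NUL and is rejected; the
     * buffer is still NUL-terminated afterwards. */
    set_kdir(kdir, sizeof(kdir), "/0123456789abcde");
    return 0;
}
```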