On Sun, Jan 27, 2019 at 01:07:05AM -0500, 0sjfoij...@firemail.cc wrote:
> Recently on LCA2019, Joel Sing made a presentation about "Security
> Vulnerability Mitigations"[1]
> (very good, btw). He suggests function strlcpy(3) as a secure API.
> In the same conference, though, Kees Cook ("Making C Less Dangerous in the
> Linux kernel"[2]),
> recommends strscpy() as more secure. So, my question is: what's the best to
> use?
>
if i understand correctly, strscpy() works just like strlcpy():
size_t
strlcpy(char *dst, const char *src, size_t dstsize);
ssize_t
strscpy(char *dest, const char *src, size_t count);
with the only difference being that strlcpy() returns an unsigned size_t
which would be the size it would have written, then strscpy() returns an
ssize_t which returns the size or -E2BIG in case of an overflow.
quite frankly, i think the claim that strscpy() is safer, easier or that
it makes overflow easier to detect is bullshit for lack of a better word
given that they both work very similar:
if (strlcpy(dest, src, sizeof dest) >= sizeof dest) {
// overflow
}
if (strscpy(dest, src, sizeof dest) == -E2BIG) {
// overflow
}
and that strscpy() is essentially strlcpy() in NIH disguise:
ssize_t
strscpy(char *dest, const char *src, size_t count)
{
ssize_t ret;
if ((ret = strlcpy(dest, src, count)) >= count)
return -E2BIG;
return ret;
}
just my opinion
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
