tech-pkg archive
Re: Theo chiming in on strlcpy
On Sat, Dec 21, 2013 at 08:58:32PM +0100, Marc Espie wrote:
> > Not only have I thought about it, I've been patching insecure code as
> > long as just about anyone. I just don't happen to agree with your
> > dogma.
>
> Well, aren't you getting tired of patching the same mistakes again
> and again ?

If you consider

   char buf[16];
   strcpy(buf, "foo");
   strcat(buf, "/");
   strcat(buf, "bar");

a "mistake", then of course you're going to get tired of patching it
again and again. But that's not fixing security problems; it's tilting
at windmills.

You're reminding me of something Francis Glassborow posted on
comp.std.c a long time back during a similar argument:

   Coding standards are not a substitute for competence.

--
David A. Holland
dholland%netbsd.org@localhost