tech-security archive
Re: unsafe strlcpy
max%m00nbsd.net@localhost (Maxime Villard) writes:
>I think that strlcpy has a bad design and should be replaced by the safer
>copystr.
Neither strlcpy nor copystr is safe, and in netbsd32_ioctl it should just
be replaced with memcpy().
>In PPPoE I think we should drop the string stuff, calling printf is already a
>bad idea anyway.
The correct way is to safely parse the input, e.g. with strnvisx.
--
Michael van Elst
Internet: mlelstv%serpens.de@localhost
"A potential Snark may lurk in every tree."
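
Added example, not part of the message above and not NetBSD code: one way to do the "safely parse the input" step before printing a field taken from a packet. safe_vis() is a hypothetical, portable stand-in that follows the idea of strnvisx (explicit source length, non-printable bytes escaped); it is not the vis(3) API or its output format, and the sample field is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical helper (not strnvisx): encode exactly srclen bytes of src
 * into dst, which holds dstlen bytes. src is never scanned for a NUL, so
 * an unterminated field is safe to pass. Printable ASCII except '\\' is
 * copied, every other byte becomes \xHH. Returns the encoded length, or
 * -1 (with dst set to "") if dst is too small.
 */
static int
safe_vis(char *dst, size_t dstlen, const unsigned char *src, size_t srclen)
{
	static const char hex[] = "0123456789abcdef";
	size_t i, o = 0;

	if (dstlen == 0)
		return -1;
	for (i = 0; i < srclen; i++) {
		unsigned char c = src[i];
		int plain = (c >= 0x20 && c < 0x7f && c != '\\');
		size_t need = plain ? 1 : 4;

		if (dstlen - o <= need) {	/* keep room for the NUL */
			dst[0] = '\0';
			return -1;
		}
		if (plain) {
			dst[o++] = (char)c;
		} else {
			dst[o++] = '\\';
			dst[o++] = 'x';
			dst[o++] = hex[c >> 4];
			dst[o++] = hex[c & 0x0f];
		}
	}
	dst[o] = '\0';
	return (int)o;
}

/* Constructed sample: a 6-byte field with no NUL terminator. */
static const unsigned char sample_field[6] = { 'a', 'c', '%', 's', '\n', 0xff };

int
main(void)
{
	char out[4 * sizeof(sample_field) + 1];	/* worst case: every byte escaped */

	if (safe_vis(out, sizeof(out), sample_field, sizeof(sample_field)) >= 0)
		printf("field: %s\n", out);	/* data goes through %s, never as the format */
	return 0;
}
```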