tech-security archive


Re: strscpy



Taylor R Campbell wrote in
<20200530154159.0B34860AFB%jupiter.mumble.net@localhost>:
 |> Date: Sat, 30 May 2020 08:52:39 +0200
 |> From: Maxime Villard <max%m00nbsd.net@localhost>
 |> Le 29/05/2020 à 21:34, Taylor R Campbell a écrit :
 ..
 |>> There are over 5000 strlcpy calls in tree.  At most 250 of them (many
 |>> of these false positives) use the return value at all.
 ...
 |Some of them -- e.g., bin/pax/tar.c, ustar_rd; libexec/ftpd/conf.c,
 |format_path; usr.bin/ftp/ftp.c, gunique -- appear to use strlcpy under
 |the misapprehension that returns the length (in non-NUL bytes) of the
 |output string, not the length of the input string as strlcpy actually
 ...
 |Of course, if strwhatevercpy is _guaranteed_ to return the length of
 |the output string, we can't use a sentinel value -- whether -1 or
 |SIZE_MAX or size or size+1 like kre suggested -- to indicate
 ...

Fwiw. and whereas i am all for objects i have in public

  /*! Copy at most \a{n} bytes of \a{src} to \a{dst}, and return \a{dst} again.
   * Returns \NIL if \a{dst} is not large enough; \a{dst} will always be
   * terminated unless \a{n} was 0 on entry.
   * Also see \r{su_cs_pcopy_n()}. */
  EXPORT char *su_cs_copy_n(char *dst, char const *src, uz n);

but furthermore (which is why i write this)

  /*! Copy \a{src} to \a{dst}, return pointer to NUL in \a{dst}. */
  EXPORT char *su_cs_pcopy(char *dst, char const *src);

  /*! Copy \a{src} to \a{dst}, return pointer to NUL in \a{dst}.
   * Returns \NIL if \a{dst} is not large enough; \a{dst} will always be
   * terminated unless \a{n} was 0 on entry. */
  EXPORT char *su_cs_pcopy_n(char *dst, char const *src, uz n);

which are nice since they allow cheap chaining which occurs more
often than one would think (and old-style C programmers seem to
favour sn?printf(x, [y,] "%s%s...") for such things).
Length is then simply "ret - base".  Cheap tests.  (And before
someone cries out loud, pcopy() is very nice if you know the
buffer is large enough, which is true in >50 percent of all cases
i have yet used this instead of string objects.)

A nice Sunday i wish,

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
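
Added example, not part of the original message and not the SU library's code: a stand-in written from the su_cs_pcopy_n() doc comment above, showing the chaining and the "ret - base" length, with truncation detected at each step. The names ex_pcopy_n and ex_join, and the reading of n as the room left in dst, are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the documented contract: copy src into dst,
 * which has room for n bytes, and return a pointer to the NUL written.
 * Returns NULL if src did not fit; dst is terminated unless n == 0. */
static char *ex_pcopy_n(char *dst, char const *src, size_t n){
   if(n == 0)
      return NULL;
   /* Reserve one byte for the terminator, copy while room and input remain */
   while(--n > 0 && *src != '\0')
      *dst++ = *src++;
   *dst = '\0';
   return (*src == '\0') ? dst : NULL;
}

/* Chain dir + "/" + name into buf (size bytes).  Each call continues at
 * the NUL the previous one returned, so nothing is rescanned.
 * Returns the output length, or -1 on truncation (buf stays terminated). */
static long ex_join(char *buf, size_t size, char const *dir,
      char const *name){
   char const *parts[3];
   char *cp = buf;
   size_t i;

   parts[0] = dir;
   parts[1] = "/";
   parts[2] = name;
   for(i = 0; i < 3; ++i){
      /* Room left is the total size minus what is already written */
      cp = ex_pcopy_n(cp, parts[i], size - (size_t)(cp - buf));
      if(cp == NULL)
         return -1;
   }
   return (long)(cp - buf); /* length is simply "ret - base" */
}

int main(void){
   char buf[16]; /* constructed sample sizes and strings */

   printf("%ld %s\n", ex_join(buf, sizeof buf, "/etc", "passwd"), buf);
   printf("%ld\n", ex_join(buf, sizeof buf, "/usr/share/misc", "magic"));
   return 0;
}
```
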

