This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Re: [open-source] Re: Wish for 2002 ...
- From: Linus Torvalds <torvalds at transmeta dot com>
- To: <mouring at etoh dot eviladmin dot org>
- Cc: Markus Friedl <markus at openbsd dot org>, Paul Eggert <eggert at twinsun dot com>, <leclerc at austin dot sns dot slb dot com>, <security-audit at ferret dot lmh dot ox dot ac dot uk>, <libc-alpha at sources dot redhat dot com>, <openssh at openbsd dot org>
- Date: Fri, 11 Jan 2002 11:36:27 -0800 (PST)
- Subject: Re: [open-source] Re: Wish for 2002 ...
On Fri, 11 Jan 2002 mouring@etoh.eviladmin.org wrote:
> > > On Thu, Jan 10, 2002 at 04:37:27PM -0800, Paul Eggert wrote:
> > > > len = strlen(challenge) + strlen(PROMPT) + 1;
> > > > p = xmalloc(len);
> > > > p[0] = '\0';
> > > > strlcat(p, challenge, len);
> ^^ This really should be strlcpy() and the p[0] line should be
> deleted; it makes really no sense to concat to a blank string.
Note that it _still_ is crap code even if you do that. It doesn't solve
any problems the original code didn't have.
If you actually want to improve it, do the _sane_ thing instead, and write
code like
static char *strdup2(const char *s1, const char *s2)
{
        size_t l1 = strlen(s1);
        size_t l2 = strlen(s2);
        char * p = xmalloc(l1 + l2 + 1);   /* xmalloc(): OpenSSH's malloc wrapper, never returns NULL */
        memcpy(p, s1, l1);
        memcpy(p+l1, s2, l2);
        p[ l1 + l2 ] = 0;
        return p;
}
which is simple, portable, efficient, readable and secure. And notice how
strlcat/strlcpy doesn't give you _any_ of those.
Then you just replace your current crap with
p = strdup2(PROMPT, challenge);
and get it all over with.
I will claim that the easiest way to improve security and reliability has
_nothing_ to do with stupid functions like strlcat, and _everything_ to do
with
- readable, understandable, straightforward
- small, "obvious" functions that are clearly secure in themselves.
Which are good things to have even if you don't work on security.
So how about it? Create your own small "strdup2()" instead of pushing
crap on others.
Linus
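As an added example (not code from the mail or from OpenSSH), the strdup2() helper above beside the strlcpy/strlcat pattern it replaces, with a local xmalloc() stand-in and a minimal strlcat (glibc before 2.38 ships none): the strlcat version depends on the caller's size arithmetic and silently truncates when the "+ 1" is forgotten, while strdup2() derives the buffer size itself. The prompt and challenge strings in the test are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for OpenSSH's xmalloc(): never returns NULL. */
static void *xmalloc(size_t n)
{
    void *p = malloc(n ? n : 1);
    if (p == NULL) abort();
    return p;
}

/* The helper from the mail: the buffer size comes from the exact source
 * lengths, so there is no size argument to get wrong and no truncation. */
static char *strdup2(const char *s1, const char *s2)
{
    size_t l1 = strlen(s1), l2 = strlen(s2);
    char *p = xmalloc(l1 + l2 + 1);
    memcpy(p, s1, l1);
    memcpy(p + l1, s2, l2);
    p[l1 + l2] = 0;
    return p;
}

/* Minimal strlcat with OpenBSD semantics, included because glibc before
 * 2.38 has none: always NUL-terminates within size and returns the length
 * the untruncated result would have had (>= size means truncated). */
static size_t my_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0, slen = strlen(src), n;
    while (dlen < size && dst[dlen] != '\0') dlen++;
    if (dlen == size)
        return size + slen;
    n = slen < size - dlen - 1 ? slen : size - dlen - 1;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* The quoted pattern, with the buffer size supplied by the caller. Pass
 * strlen(a)+strlen(b)+1 and it works; forget the +1 and the result is
 * silently cut short. Returns 1 on truncation, 0 otherwise; *out gets p. */
static int concat_with_strlcat(const char *a, const char *b, size_t len, char **out)
{
    char *p = xmalloc(len);
    p[0] = '\0';
    my_strlcat(p, a, len);
    *out = p;
    return my_strlcat(p, b, len) >= len;
}
```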