This is the mail archive of the
mailing list for the glibc project.
Re: [libc-alpha] Re: [open-source] Re: Wish for 2002
> Date: Tue, 08 Jan 2002 16:59:10 -0600
> From: Francois Leclerc <firstname.lastname@example.org>
> What shocked me was that a 2001 article was still quoting 36 occurences
> of "strcpy" in a subset of glibc affecting 900+ places.
strcpy can be used perfectly safely, with no vulnerabilities whatsoever.
Its use in glibc does not mean there are any vulnerabilities in glibc.
It would be a mistake to rewrite glibc to use strlcpy instead of strcpy,
as that would make the code bigger, slower, and harder to read.
Also, I suspect that such a rewrite wouldn't fix a single security hole.
(If I'm wrong, please correct me.)