This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [open-source] Re: Wish for 2002 ...

On Fri, 11 Jan 2002 wrote:
> > > On Thu, Jan 10, 2002 at 04:37:27PM -0800, Paul Eggert wrote:
> > > > 	len = strlen(challenge) + strlen(PROMPT) + 1;
> > > > 	p = xmalloc(len);
> > > > 	p[0] = '\0';
> > > > 	strlcat(p, challenge, len);
> 	^^ This really should be strlcpy() and the p[0] line should be
> deleted  it makes really no sense to concat to an blank string.

Note that it _still_ is crap code even if you do that. It doesn't solve
any problems the original code didn't have.

If you actually want to improve it, do the _sane_ thing instead, and write
code like

	static char *strdup2(const char *s1, const char *s2)
		size_t l1 = strlen(s1);
		size_t l2 = strlen(s2);
		char * p = xmalloc(l1 + l2 + 1);

		memcpy(p, s1, l1);
		memcpy(p+l1, s2, l2);
		p[ l1 + l2 ] = 0;
		return p;

which is simple, portable, efficient, readable and secure. And notice how
strlcat/strlcpy doesn't give you _any_ of those.

Then you just replace your current crap with

	p = strdup2(PROMPT, challenge);

and get it all over with.

I will claim that the easiest way to improve security and reliability has
_nothing_ to do with stupid functions like strlcat, and _everything_ to do

 - readable, understandable, straightforward
 - small, "obvious" functions that are clearly secure in themselves.

Which are good things to have even if you don't work on security.

So how about it? Create your own small "strdup2()" instead of pushing
crap on others.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]