This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Implement C11 annex K?
- From: Andreas Schwab <schwab at suse dot de>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 14 Aug 2014 12:02:22 +0200
- Subject: Re: Implement C11 annex K?
- Authentication-results: sourceware.org; auth=none
- References: <E1XHe8v-0004Ur-Hp at rmm6prod02 dot runbox dot com> <Pine dot LNX dot 4 dot 64 dot 1408132054090 dot 16622 at digraph dot polyomino dot org dot uk> <53EBD7D9 dot 1040008 at cs dot ucla dot edu> <20140813213520 dot GQ12888 at brightrain dot aerifal dot cx> <53EBEACD dot 3070000 at googlemail dot com> <87k36cc559 dot fsf at windlord dot stanford dot edu> <20140814022501 dot GT12888 at brightrain dot aerifal dot cx> <87r40jbq2p dot fsf at windlord dot stanford dot edu> <20140814054610 dot GV12888 at brightrain dot aerifal dot cx> <87ha1fbnrp dot fsf at windlord dot stanford dot edu> <53EC87A4 dot 1080805 at redhat dot com>
Florian Weimer <fweimer@redhat.com> writes:
> Here's a security bug which resulted from the incorrect use of strlcpy:
>
> <http://www.samba.org/samba/security/CVE-2014-3560>
> <https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630d>
This only proves that strlcpy isn't any better at preventing security
bugs.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."