This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Implement C11 annex K?


On Fri, 15 Aug 2014 08:35:52 -0700, Paul Eggert <eggert@cs.ucla.edu> wrote:
>   Other techniques should be used for fixed-size buffers.  For reasons 
> that should be obvious I don't recommend the technique of silent 
> truncation; but applications that require it can use snprintf, which is 
> more portable and useful than strlcpy anyway.

snprintf is overcomplicated for simple string copying (a common operation)
and does not directly support concatenation.
The presence of a formatting string when it's unnecessary is a serious problem;
a common mistake is to allow attackers to control a formatting string.
No formatting string means no opportunity for that mistake.
There's also the overhead (admittedly slight) of passing and processing the formatting string.

Many people who are trying to write secure software in C (such as the OpenBSD and Microsoft folks)
are increasingly trying to *stop* the use of traditional functions like strcpy and strncpy,
replacing them with functions that easily prevent out-of-bounds access when they
deal with statically-allocated buffers.
Their solutions are captured in strlcpy/strlcat and annex K, respectively.
The LibreSSL folks, like many security-minded folks, have to re-add strlcpy/strlcat:
  https://github.com/GostCrypt/libressl-portable/blob/master/configure.ac.tpl
But hey, the LibreSSL folks created strlcpy/strlcat, so that's unique to them, right?
Nope, OpenSSL defines "OPENSSL_strlcpy" (for example) in the first place
because they have to work around libraries without them.

Could you please post your empirical data?  Specific lines with context, etc.?
It's hard to seriously discuss pros & cons of such statements without them being posted for discussion.

--- David A. Wheeler

