This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: C11 Annex K support

From: Jeffrey Walton <noloader at gmail dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: Manfred <mx2927 at gmail dot com>, libc-help at sourceware dot org
Date: Wed, 16 Jan 2019 11:33:22 -0500
Subject: Re: C11 Annex K support
References: <7ffe5f9c-1dbd-7ca9-bb31-d243304f15cc@gmail.com> <87va2ovb7l.fsf@oldenburg2.str.redhat.com>
Reply-to: noloader at gmail dot com

On Wed, Jan 16, 2019 at 11:06 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * Manfred:
>
> > To my surprise, it looks like glibc does not support C11 annex K
> > routines, i.e. strcpy_s and friends.
> >
> > Am I missing something?
>
> We consider Annex K very problematic:
>
>   <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1969.htm>

Lol... Strawman arguments...

libupnp multiple vulnerabilities
(https://www.kb.cert.org/vuls/id/922681/) is a good case study in how
just broke the existing stuff can be. Each of the vulnerabilities
would have been mitigated with the new interfaces because the buffer
overflow would have been stopped due to the destination buffer size.

There's a lot to be said about what happens in real life...

Jeff

Follow-Ups:
- Re: C11 Annex K support
  - From: Szabolcs Nagy
- Re: C11 Annex K support
  - From: Manfred

References:
- C11 Annex K support
  - From: Manfred
- Re: C11 Annex K support
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]