This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: C11 Annex K support
On Wed, Jan 16, 2019 at 11:06 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * Manfred:
>
> > To my surprise, it looks like glibc does not support C11 annex K
> > routines, i.e. strcpy_s and friends.
> >
> > Am I missing something?
>
> We consider Annex K very problematic:
>
> <http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1969.htm>
Lol... Strawman arguments...
libupnp multiple vulnerabilities
(https://www.kb.cert.org/vuls/id/922681/) is a good case study in how
just broke the existing stuff can be. Each of the vulnerabilities
would have been mitigated with the new interfaces because the buffer
overflow would have been stopped due to the destination buffer size.
There's a lot to be said about what happens in real life...
Jeff