Re: PATCH: safe string copy and concetation

[James Antill <james at and dot org>]

Chiaki Ishikawa <Chiaki.Ishikawa@personal-media.co.jp> writes:

> X-PMC-CI-e-mail-id: 13401 
> 
> For a newly written programs going through debugging,
> I think Ultrich Drepper's argument makes sense.
> 
> However, on a running server, you may find, to our horror and
> surprise, that a necessary daemon or production programs have
> a str* related overflow. Ugh.
> 
> In such a case, strlcpy and friends can be a valuable tool
> for a QUICK SHORTT-TERM BAND-AID.
> We can BUY TIME TO FIX THE PROBLEMS at the root cause while
> at least the program in question is limping along (not crashing, nor
> being abused.).
> 
> Real world problems of B-news came to my mind when I looked the exchanges on 
> this topic.
> (Once the Internet becme very large in a short time, Bnews experienced
> internal buffer overflows because the size of buffers allocated for
> news propagation paths was not long enough, etc..
> I wish I had strlcpy and friends back when this happend.
>
> I tried kludges for about 3 months each time a new problem surfaced
> but gave up and switched to INN.)

 So instead of buffer overruns Bnews would have been great to spam
through because nobody would be able to trace where anything came from
(the end of the paths would be chopped off) and it "worked" so a lot
less people would have moved to INN.
 Anyway the functions given could be trivially implemented (1 to 2
lines each via. calls to sprintf()) if you really need them.

-- 
James Antill -- james@and.org
"If we can't keep this sort of thing out of the kernel, we might as well
pack it up and go run Solaris." -- Larry McVoy.