This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Implement C11 annex K?
- From: Florian Weimer <fweimer at redhat dot com>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 14 Aug 2014 12:06:23 +0200
- Subject: Re: Implement C11 annex K?
- Authentication-results: sourceware.org; auth=none
- References: <E1XHe8v-0004Ur-Hp at rmm6prod02 dot runbox dot com> <Pine dot LNX dot 4 dot 64 dot 1408132054090 dot 16622 at digraph dot polyomino dot org dot uk> <53EBD7D9 dot 1040008 at cs dot ucla dot edu> <20140813213520 dot GQ12888 at brightrain dot aerifal dot cx> <53EBEACD dot 3070000 at googlemail dot com> <87k36cc559 dot fsf at windlord dot stanford dot edu> <20140814022501 dot GT12888 at brightrain dot aerifal dot cx> <87r40jbq2p dot fsf at windlord dot stanford dot edu> <20140814054610 dot GV12888 at brightrain dot aerifal dot cx> <87ha1fbnrp dot fsf at windlord dot stanford dot edu> <53EC87A4 dot 1080805 at redhat dot com> <mvmr40j4cep dot fsf at hawking dot suse dot de>
On 08/14/2014 12:02 PM, Andreas Schwab wrote:
> Florian Weimer <fweimer@redhat.com> writes:
>> Here's a security bug which resulted from the incorrect use of strlcpy:
>> <http://www.samba.org/samba/security/CVE-2014-3560>
>> <https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630d>
> This only proves that strlcpy isn't any better at preventing security bugs.
It also shows that there is a real cost to not providing strlcpy in glibc.
--
Florian Weimer / Red Hat Product Security
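The strlcpy contract the thread argues about, as an added example that is neither the Samba code behind the CVE above nor glibc's: a portable implementation following the BSD semantics (copy at most size-1 bytes, always NUL-terminate, return strlen(src)) plus a wrapper that uses the return value to detect silent truncation. The names my_strlcpy and copy_checked are assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable strlcpy with the BSD contract: copy at most size-1 bytes,
 * always NUL-terminate when size > 0, and return strlen(src) so the
 * caller can tell whether the copy was truncated.  Named my_strlcpy
 * (an assumption for this example) so it does not clash with a libc
 * that ships strlcpy; glibc did not provide one when this was written. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';          /* always terminated, even on truncation */
    }
    return srclen;              /* > size - 1 means the string was cut */
}

/* Copy src into a fixed buffer of dstsize bytes and report whether the
 * whole string fit.  The two classic misuses of strlcpy are ignoring
 * this return value (silent truncation) and passing a size that is not
 * the destination's real capacity; dstsize must be sizeof(dst) here. */
bool copy_checked(char *dst, size_t dstsize, const char *src)
{
    return my_strlcpy(dst, src, dstsize) < dstsize;
}

int main(void)
{
    char name[16];              /* constructed fixed-size destination */
    const char *inputs[] = { "samba", "a-name-that-is-much-too-long" };

    for (size_t i = 0; i < 2; i++) {
        bool ok = copy_checked(name, sizeof name, inputs[i]);
        printf("%-30s -> \"%s\" (%s)\n", inputs[i], name,
               ok ? "fit" : "TRUNCATED");
    }
    return 0;
}
```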