This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Implement C11 annex K?


Florian Weimer <fweimer@redhat.com> writes:

> On 08/14/2014 12:02 PM, Andreas Schwab wrote:
>> Florian Weimer <fweimer@redhat.com> writes:
>>
>>> Here's a security bug which resulted from the incorrect use of strlcpy:
>>>
>>>    <http://www.samba.org/samba/security/CVE-2014-3560>
>>>    <https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630d>
>>
>> This only proves that strlcpy isn't any better at preventing security
>> bugs.
>
> It also shows that there is a real cost to not providing strlcpy in glibc.

No, you got it backwards.  Had Samba used the standard string functions
it would have been "protected" by fortification.  Of course,
fortification is just a workaround for sloppy programming anyway.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
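As an added illustration of the point argued in this thread (example code, not from the thread, glibc or Samba): a minimal BSD-style strlcpy beside a hypothetical checked variant that models what _FORTIFY_SOURCE does for the standard functions, namely comparing the caller's size argument against the destination's real size as the compiler knows it. The names my_strlcpy, my_strlcpy_chk and the copy_with_wrong_bound misuse pattern are constructed for this example.

```c
/* Added example: strlcpy's safety rests entirely on the size argument
   the caller passes.  Fortification catches a wrong argument only when
   the destination's true size is known, which is what the checked
   variant below models (a real fortified wrapper aborts instead of
   returning an error code). */
#include <stddef.h>
#include <string.h>

/* BSD strlcpy semantics: copy at most size-1 bytes, always NUL-terminate
   when size > 0, and return strlen(src) so truncation is detectable. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hypothetical checked form.  dst_objsize is the real capacity of dst
   (what __builtin_object_size would report under fortification); size
   is the bound the caller claimed.  Returns 1 if the copy ran, 0 if the
   claimed bound exceeds the destination and the call was refused. */
int my_strlcpy_chk(char *dst, const char *src, size_t size,
                   size_t dst_objsize, size_t *out_len)
{
    if (size > dst_objsize)
        return 0;               /* bogus bound: refuse rather than overflow */
    *out_len = my_strlcpy(dst, src, size);
    return 1;
}

/* The misuse class: the bound describes the source, not the destination.
   Without the object-size check this would overflow dst whenever
   strlen(src) + 1 > dst_objsize; with it, the call is rejected. */
int copy_with_wrong_bound(char *dst, size_t dst_objsize, const char *src)
{
    size_t len;
    return my_strlcpy_chk(dst, src, strlen(src) + 1, dst_objsize, &len);
}
```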

