<br><tt><font size=2>Jakob Schlyter <jakob@kirei.se> wrote on 07/04/2009
19:06:14:<br>
<br>
> On 7 apr 2009, at 12.37, Rickard Bondeson wrote:</font></tt>
<br><tt><font size=2>></font></tt>
<br><tt><font size=2>> :<br>
> <br>
> I'd just like to make a more public note regarding string handling
in <br>
> OpenDNSSEC; as long as possible we should should strlcpy(3) and <br>
> strlcat(3) instead of home-brewn similar functions. if we need to
<br>
> support platforms that does not have those functions, we'll import
<br>
> compat-version from OpenSSH.</font></tt>
<br>
<br><tt><font size=2>I note a reservation in the Wikipedia article on the
subject:</font></tt>
<br>
<br><tt><font size=2>> > Red Hat developers Ulrich Drepper and James
Antill are critics of <br>
> > the strlcpy and strlcat functions.[2] Antill notes that they
are <br>
> > non-standard and that there are implementation differences between
<br>
> > the BSD and Solaris implementations (the return value of strlcat
<br>
> > when there is no nul in the destination buffer).[3] Antill also
<br>
> > expressed concern regarding the risks of truncation when using
any <br>
> > string function involving static allocation.[4] Drepper argues
that <br>
> > strlcpy and strlcat make truncation errors easier for a programmer
<br>
> > to ignore and thus can introduce more bugs than they remove;[2]
<br>
> > consequently, these functions have not been added to the GNU
C Library.</font></tt>
<br>
<br><tt><font size=2>If true, the things that concern me are:</font></tt>
<br>
<br><tt><font size=2>a) The implementation differences between BSD and
Solaris</font></tt>
<br><tt><font size=2>b) The fact that these are not in the GNU C library.</font></tt>
<br>
<br><tt><font size=2>(I'm not worried by the truncation argument. If
you are using fixed-</font></tt>
<br><tt><font size=2>length buffers as destinations, you should expect
truncation. That</font></tt>
<br><tt><font size=2>is a lesser evil than a buffer overflow.)</font></tt>
<br>
<br><tt><font size=2>As the functions are so trivial, why not write our
own (OpenDNSSEC-wide)</font></tt>
<br><tt><font size=2>versions and avoid any problems with them?</font></tt>
<br>
<br>
<br><tt><font size=2>Stephen</font></tt>
<br>