[Opendnssec-develop] string handling

Rick van Rein rick at openfortress.nl
Thu Apr 9 11:50:16 UTC 2009


Hey all,

I like strlcat/strlcpy more than strncat/strncpy, but there's one worry
as far as I'm concerned.  Their spec has an exceptional case if the size
argument is 0.  If I had designed the function I would have exited on
those grounds, or at least raised a signal that could be caught.

Why?  Because that would eradicate the exceptional (and impractical)
situation that must formally be checked before one can rely on the
function.  It is exactly because people don't read man pages very well
that strncpy/strncat are not always used properly; it is a bad idea to
raise similar-but-different exceptions on strlcat/strlcpy.

So I would propose to do something like

#include <signal.h>	/* kill(), SIGHUP */
#include <stddef.h>	/* size_t */

/* compat_strlcat is the underlying strlcat implementation being wrapped */
size_t compat_strlcat(char *dst, const char *src, size_t siz);

size_t strlcat(char *dst, const char *src, size_t siz) {
	if (siz) {
		return compat_strlcat (dst, src, siz);
	} else {
		/* a zero size is a programming error: signal our own process group and stop */
		kill (0, SIGHUP);
		while (1) ;
	}
}

Alternatively, we could adopt a coding style to insist on non-zero sizes
using assert:

	assert (siz != 0);
	strlcat (dst, src, siz);

> As the functions are so trivial, why not write our own (OpenDNSSEC-wide)
> versions and avoid any problems with them?

I think the common definitions still cause problems, albeit different ones.
We do need to be mindful about such things as much as we need to be mindful
about potential misinterpretations of strncat/strncpy.


Cheers,
 -Rick
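To make the exceptional case concrete, here is an added example (not OpenDNSSEC code and not from the mail above) that implements the OpenBSD strlcat() semantics under the assumed name compat_strlcat, and a wrapper in the spirit of the proposal that reports siz == 0 as a distinct status instead of aborting; the enum and checked_append name are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

/* Stand-alone implementation of the OpenBSD strlcat() contract: append src
 * to dst, writing at most siz bytes in total (NUL included), and return the
 * length the result would have had if siz were unlimited.  The exceptional
 * case from the man page: if siz == 0 (or dst is not NUL-terminated within
 * siz bytes), nothing is written, dst is left untouched and unterminated,
 * and the return value is siz + strlen(src). */
size_t compat_strlcat(char *dst, const char *src, size_t siz)
{
    size_t dlen = 0;
    size_t slen = strlen(src);

    /* Find the end of dst, but never look past siz bytes. */
    while (dlen < siz && dst[dlen] != '\0')
        dlen++;
    if (dlen == siz)              /* covers siz == 0: nothing is written */
        return dlen + slen;       /* always >= siz, so it reads as "truncated" */

    size_t room = siz - dlen - 1; /* bytes available for src, excluding the NUL */
    size_t ncopy = slen < room ? slen : room;
    memcpy(dst + dlen, src, ncopy);
    dst[dlen + ncopy] = '\0';     /* the result is always NUL-terminated here */
    return dlen + slen;
}

enum append_status { APPEND_OK = 0, APPEND_TRUNCATED = 1, APPEND_BAD_SIZE = -1 };

/* Wrapper in the spirit of the proposal: refuse siz == 0 up front and report
 * it as its own status, so callers need not remember the exceptional case,
 * and fold the usual "ret >= siz" truncation test into the return value. */
enum append_status checked_append(char *dst, const char *src, size_t siz)
{
    if (siz == 0)
        return APPEND_BAD_SIZE;   /* dst cannot even hold a terminating NUL */
    return compat_strlcat(dst, src, siz) >= siz ? APPEND_TRUNCATED : APPEND_OK;
}
```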
