Bugtraq mailing list archives

Re: strcpy versus strncpy


From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Tue, 3 Mar 1998 19:09:21 -0500


Kragen:
Well, the question is, what do you do with strings that are too long?  Do
you (a) dynamically allocate memory for them, (b) silently truncate them,
(c) return an error, or (d) let them overflow your buffers and crash your
program in interesting and possibly-exploitable ways?
[...]
I think that (c) is better -- as you said -- in situations where there
is the potential for DoSes.

strncpy, strncat, snprintf, et al., don't support (c) very well.  Small
wrapper functions to do (c) (much like djb's stralloc functions, which
support (a), used throughout qmail) would greatly facilitate it.

Wietse's VMailer (www.vmailer.org) MTA uses a different approach:
string lengths are limited upon entry, and the number of instances
of any object is limited as well. The limits are generous enough
that they do not get in the way of normal operation.  Because of
these limits, the programs can use straightforward (a) style memory
allocation without nasty unbounded memory allocation problems.

        Wietse
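An added illustration of the options the message discusses, written for this archive page and not taken from VMailer, qmail or Wietse's message: a checked copy that implements option (c) by returning an error, the strncpy truncation behaviour of option (b) that loses the terminating NUL, and the limit-on-entry approach that makes plain allocation (option (a)) safe. All function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Option (c): copy src into dst[dst_size] and return -1 instead of
 * truncating silently (option b) or overflowing (option d).  On failure
 * dst is left empty so a caller cannot use a half-copied value by mistake.
 * Hypothetical helper, not code from VMailer or qmail. */
int str_copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0)
        return -1;
    if (len >= dst_size) {              /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);          /* copies the NUL as well */
    return 0;
}

/* Option (b) as strncpy actually behaves: when src has n or more bytes,
 * strncpy fills all n bytes and writes no NUL, so the result is not a
 * string.  Returns 1 if the copy is NUL-terminated, 0 otherwise. */
int strncpy_leaves_nul(const char *src, size_t n)
{
    char buf[16];
    if (n > sizeof buf)
        return 0;
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Limit on entry, then plain allocation (the approach described for
 * VMailer): reject input longer than max_len at the boundary so later code
 * can use option (a) without unbounded growth.  Returns a malloc()ed copy
 * the caller must free(), or NULL if the input was rejected. */
char *accept_bounded(const char *input, size_t max_len)
{
    /* Scan at most max_len + 1 bytes; no NUL in that range means too long. */
    const char *nul = memchr(input, '\0', max_len + 1);
    size_t len;
    char *copy;
    if (nul == NULL)
        return NULL;
    len = (size_t)(nul - input);
    copy = malloc(len + 1);
    if (copy != NULL)
        memcpy(copy, input, len + 1);
    return copy;
}
```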


