Re: [hackers] [dwm] [PATCH] Replace str[n]cpy with strlcpy

From: Anselm R Garbe <garbeam_AT_gmail.com>
Date: Wed, 8 Jun 2016 07:41:08 +0200

Hi FRIGN,

we had this strlcpy pseudo-discussion years ago. And we concluded to
avoid adopting strlcpy.

The basic reason is that the claim that strlcpy is more secure than
strncpy is a myth. Roberto has pointed this out already. In either
case you should handle the retval for arbitrary source inputs,
_unless_ you know what you are doing.

In the case of dwm, we don't process arbitrary input apart from window
titles. And for those we know exactly what we do. Client structures
are always zero-allocated and c->name[sizeof c->name - 1] is never
touched and hence the last resort string terminator. For all other
uses of strcpy or strncpy the buffer sizes will suffice unless you
purposefully exceed the VERSION macro at compile time to be
longer than 251 chars -- and here it wouldn't be about arbitrary input
anyway and it would be detected at compile time (if the compiler is smart
enough).

Also bear in mind that there is a significant usage difference
between strlcpy and strncpy. strlcpy always requires that the size
argument contains space for the trailing 0, whereas the size argument
of strncpy does not require this. Our code is written to work well
with a non-null-terminated strncpy operation (last resort terminator),
so there is really no need to introduce strlcpy for pseudo security
reasons.

I think the same should apply for most suckless stuff as well.

BR,
Anselm
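The strncpy/strlcpy usage difference described in the message above, as an added example that is not dwm's own code: a hypothetical Client struct with a 16-byte name buffer, a local my_strlcpy (assumed, since not every libc ships one), the zero-allocated "last resort terminator" pattern beside the strlcpy form, and a counter-example showing when strncpy alone leaves no terminator.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical client record; the name buffer is kept small so truncation is visible. */
typedef struct { char name[16]; } Client;

/* Portable strlcpy (glibc only added one in 2.38): always NUL-terminates when
 * size > 0 and returns strlen(src) so the caller can detect truncation. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Is there a NUL within the buffer's bounds? strncpy alone does not guarantee
 * this when the source is at least n bytes long. */
int is_terminated(const char *buf, size_t n) { return memchr(buf, '\0', n) != NULL; }

/* dwm-style copy: zero-allocated struct, at most sizeof name - 1 bytes copied,
 * so name[sizeof name - 1] stays 0 as the last-resort terminator. */
Client *set_name_strncpy(const char *title)
{
    Client *c = calloc(1, sizeof *c);
    if (c) strncpy(c->name, title, sizeof c->name - 1);
    return c;
}

/* strlcpy form: size includes room for the NUL; the return value reports truncation. */
Client *set_name_strlcpy(const char *title, int *truncated)
{
    Client *c = calloc(1, sizeof *c);
    if (c) *truncated = my_strlcpy(c->name, title, sizeof c->name) >= sizeof c->name;
    return c;
}

/* Counter-example: strncpy with the full size into a buffer that was not zeroed
 * leaves no terminator at all once the source fills it. */
int strncpy_full_is_terminated(const char *title)
{
    char buf[16];
    memset(buf, 'X', sizeof buf);           /* deliberately not zero-initialised */
    strncpy(buf, title, sizeof buf);
    return is_terminated(buf, sizeof buf);
}
```

Both copy paths yield the same 15-character, terminated name for an overlong title; only the strlcpy form reports that it truncated, and only the zero-allocated buffer makes the strncpy form safe.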