Re: [dev] fsbm

From: <k0ga_AT_shike2.com>
Date: Fri, 7 Nov 2014 11:27:35 +0100

>> I disagree, check the size before calling strcpy. If you want to
>> avoid security risks you also have to check the output of strlcpy
>> to detect truncations, so you don't win anything. In both cases
>> you have to add a comparison, so it is better to use strcpy that
>> is standard.
>
> Good luck with that.

You should read this:

http://sourceware.org/ml/libc-alpha/2002-01/msg00147.html

The full thread is really interesting. Saying that strcpy is insecure
is the same as saying that any pointer or array index is insecure
because you can write out of bounds.

If you know the size of the array then why don't you use memcpy
directly?

Regards,
Received on Fri Nov 07 2014 - 11:27:35 CET
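
The three options discussed in this message, side by side, as an added example that is not part of the original e-mail or of any project's code. The function names and the local ex_strlcpy stand-in (strlcpy is a BSD function, not ISO C) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical local stand-in for BSD strlcpy; returns strlen(src). */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Variant 1: one comparison before strcpy; dst is untouched on failure. */
int copy_strcpy(char *dst, size_t size, const char *src)
{
    if (strlen(src) >= size)
        return -1;
    strcpy(dst, src);
    return 0;
}

/* Variant 2: one comparison after strlcpy; dst holds a truncated string on failure. */
int copy_strlcpy(char *dst, size_t size, const char *src)
{
    return ex_strlcpy(dst, src, size) >= size ? -1 : 0;
}

/* Variant 3: the length is already known, so memcpy copies it plus the NUL. */
int copy_memcpy(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (len >= size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    char buf[8];
    const char *in = "much too long";   /* constructed sample input */
    printf("strcpy+check: %d\n", copy_strcpy(buf, sizeof buf, in));
    printf("strlcpy+check: %d (buf=\"%s\")\n", copy_strlcpy(buf, sizeof buf, in), buf);
    printf("memcpy+check: %d\n", copy_memcpy(buf, sizeof buf, in));
    return 0;
}
```

Each variant needs exactly one comparison; only the strlcpy one leaves truncated data in the destination when the check fails.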
