Re: [hackers] [dwm] [PATCH] Replace str[n]cpy with strlcpy

From: <k0ga_AT_shike2.com>
Date: Mon, 6 Jun 2016 20:12:19 +0200

> there is also another point here: strlcpy is safer than strcpy
> and strncpy because _if_ there is an overflow the string will

What happens if you pass an incorrect size to strlcpy? Please,
stop saying stupid things.

        if (strlcpy(dst, src, nsrc) >= nsrc)
                error();

is equal to:

        if (nsrc >= ndst)
                error();
        memcpy(dst, src, nsrc);

but the code with strlcpy is slower and not portable.

There is a reason why after 16 years strlcpy is not in any
standard, no C11, no POSIX, and it is because it sucks a lot.
From my point of view the worst thing is that people believe
that by using strlcpy the code magically becomes secure, and this
is a totally false sense of security. You have to check the
return code, and that means the code is totally equivalent
to an explicit if. Look for example at this case:

        deluser(strlcpy(dst, "user15", 4));

Since you are not checking any return code there, you are not
deleting the correct user, and this kind of attack can be very
easy to carry out, easier than a stack overflow.

In a previous mail you said that one of the reasons for using
strlcpy was to avoid problems in the future due to modifications
in the code. Did you think about it before writing it? You
can say that of _ANY_ operation in C, mainly with pointers and
indexes, but strlcpy cannot help at all in a situation like this:


        #define LENA 5
        #define LENB 6

        char sa[LENB];

        f(sa);

        f(char s[LENB])
        {
                strlcpy(s, "This is a very long string", LENB);
        }

and now you have this patch:

        - char sa[LENB];
        + char sa[LENA];

Do you see? strlcpy didn't help at all, and due to the
false sense of security the programmer didn't dig to
see all the side effects of changing the size of sa.
C is a very low level language, and it is a language
without support for strings, and the only way of writing
correct code is to be very careful and before doing any
change check everything, and look for all the possible
errors due to your change.

And of course, strlcpy is also totally useless because
you can do the same work with snprintf.


Regards,

PS: I don't want to begin a flame war, but please, stop
being a fanboy and think for yourself, try to find
the strong points and what is propaganda.
Received on Mon Jun 06 2016 - 20:12:19 CEST

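As an added example, not part of the message above and not dwm code, the patterns argued over in this thread put side by side in C: a local strlcpy with the OpenBSD semantics (an assumption of this example, included because strlcpy is in neither C11 nor POSIX and may be absent from the libc), the unchecked copy that silently turns "user15" into "use", the checked form, the explicit if + memcpy and the snprintf form that do the same work, and a variant of the LENA/LENB case where the buffer size travels with the buffer. The function names (my_strlcpy, copy_checked, fill, demo_sizes) and the buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical local strlcpy with the OpenBSD semantics: copy at most
 * size-1 bytes, always NUL-terminate when size > 0, return strlen(src).
 * Defined here because strlcpy is in neither C11 nor POSIX and may be
 * missing from the libc this is compiled against. */
static size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size > 0) {
        size_t copy = n < size ? n : size - 1;
        memcpy(dst, src, copy);
        dst[copy] = '\0';
    }
    return n;
}

/* Unchecked use: "user15" into a 4-byte buffer silently becomes "use".
 * The caller has no way to learn that truncation happened. */
static int copy_unchecked(char *dst, size_t dstsize, const char *src)
{
    my_strlcpy(dst, src, dstsize);
    return 0;
}

/* Checked use: the return value is the length strlcpy wanted to write,
 * so anything >= dstsize means the copy was truncated. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    if (my_strlcpy(dst, src, dstsize) >= dstsize)
        return -1;
    return 0;
}

/* The same work with an explicit if and memcpy (n + 1 copies the NUL). */
static int copy_explicit(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsize)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* The same work with standard snprintf: it also returns the length it
 * would have written, and it always NUL-terminates when dstsize > 0. */
static int copy_snprintf(char *dst, size_t dstsize, const char *src)
{
    int r = snprintf(dst, dstsize, "%s", src);
    if (r < 0 || (size_t)r >= dstsize)
        return -1;
    return 0;
}

/* The LENA/LENB case from the message: what helps is not strlcpy itself
 * but passing the buffer size along with the buffer, so a change to the
 * declaration of sa propagates through sizeof instead of a stale macro.
 * Inside f(char s[LENB]) sizeof s is sizeof(char *), so the callee
 * cannot recover the size on its own. */
#define LENA 5
#define LENB 6

static int fill(char *s, size_t n)
{
    return copy_checked(s, n, "This is a very long string");
}

static int demo_sizes(void)
{
    char sa[LENA];              /* was LENB; shrinking it is now safe */
    return fill(sa, sizeof sa); /* -1: truncated and reported, no overflow */
}

int main(void)
{
    char dst[4];

    copy_unchecked(dst, sizeof dst, "user15");
    printf("unchecked: \"%s\" (not user15)\n", dst);
    printf("checked:   %d\n", copy_checked(dst, sizeof dst, "user15"));
    printf("explicit:  %d\n", copy_explicit(dst, sizeof dst, "user15"));
    printf("snprintf:  %d\n", copy_snprintf(dst, sizeof dst, "user15"));
    printf("sizes:     %d\n", demo_sizes());
    return 0;
}
```

All three checked forms fail the same way on the same input; the difference between them is portability, not safety, and none of them can find a size that the caller got wrong.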