Re: [hackers] [sbase] ed: Don't use strlcpy() || Roberto E. Vargas Caballero

From: Laslo Hunhold <>
Date: Tue, 10 Jan 2017 12:47:34 +0100

On Tue, 10 Jan 2017 08:56:46 +0100 (CET) wrote:

Hey Roberto,

> All the buffers related to files have FILENAME_MAX size, so it is
> impossible to have any buffer overrun.

I consider this way of thinking harmful, because it involves
assumptions about the code that are met in a different location. In
case FILENAME_MAX is changed to some strange value, this entire
building of thought breaks together.
There's no reason not to use strlcpy, as it saves you from buffer
overruns and other things. Nobody can possibly guarantee that some evil
input has a non-null-terminated fname and we write to savfname without

As Dimitris likes to say, programs spend 99% with I/O, so this
"optimization" here won't make a difference. Premature optimization is
the root of all evil, and given we get strlcpy() for free from libutil,
I strongly suggest we keep the usage here.



Laslo Hunhold <>
Received on Tue Jan 10 2017 - 12:47:34 CET

This archive was generated by hypermail 2.3.0 : Tue Jan 10 2017 - 12:48:18 CET