"Secure coding" audit checkers and Kerberos

Russ Allbery rra at stanford.edu
Tue Oct 14 22:02:22 EDT 2008


Luke Howard <lukeh at padl.com> writes:

>> * Instead of strcpy or strcat, use memcpy.  Remember to ensure that
>>  the string is terminated if you are not copying a terminator.
>
> What about using strlcpy/strlcat (providing implementations for
> platforms that don't support them)?

I wrote implementations of strlcat and strlcpy for systems that don't have
them some time back, along with fairly complete test suites, and released
them into the public domain.  You're quite welcome to use them.  (They're
trivial functions, but that saves someone else the effort of writing them
and testing them.)

Likewise, there's a public domain version of snprintf that I've been using
for some time for systems that either don't have snprintf (rare these
days) or that have a buggy / pre-C99 version (all versions of Solaris
prior to 9).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
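
Added example, not part of the original message and not the public-domain implementations mentioned above: a minimal sketch of strlcpy/strlcat semantics built on memcpy with explicit termination, plus a caller that treats truncation as an error. The ex_* names and the sample paths are hypothetical, chosen to avoid clashing with a platform's own strlcpy/strlcat.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity size), always NUL-terminating when size > 0.
 * Returns strlen(src); a result >= size means the copy was truncated. */
size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';          /* memcpy copies no terminator; add it */
    }
    return len;
}

/* Append src to dst (total capacity size). Returns the length the full
 * string would have had; a result >= size means truncation. */
size_t ex_strlcat(char *dst, const char *src, size_t size)
{
    size_t used = 0;
    /* Bounded scan: never read past size even if dst is unterminated. */
    while (used < size && dst[used] != '\0')
        used++;
    if (used == size)
        return size + strlen(src);  /* no room, dst left untouched */
    return used + ex_strlcpy(dst + used, src, size - used);
}

/* Build "<dir>/<file>" into out; 0 on success, -1 if it would not fit. */
int ex_join_path(char *out, size_t size, const char *dir, const char *file)
{
    if (ex_strlcpy(out, dir, size) >= size)
        return -1;
    if (ex_strlcat(out, "/", size) >= size)
        return -1;
    if (ex_strlcat(out, file, size) >= size)
        return -1;
    return 0;
}

int main(void)
{
    char buf[16];   /* constructed sample inputs below */
    printf("%d %s\n", ex_join_path(buf, sizeof(buf), "/etc", "krb5.conf"), buf);
    printf("%d %s\n", ex_join_path(buf, sizeof(buf), "/var/lib/krb5", "keytab"), buf);
    return 0;
}
```

The return-value check is the part callers tend to skip: a silently truncated path or principal name is still terminated, but it may no longer name what the caller intended.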


