"Secure coding" audit checkers and Kerberos

Ken Raeburn raeburn at MIT.EDU
Wed Oct 15 16:39:07 EDT 2008

On Oct 15, 2008, at 15:57, Nicolas Williams wrote:
> On Wed, Oct 15, 2008 at 02:54:09PM -0400, Greg Hudson wrote:
>> Ulrich Drepper wrote, in one of his more tactful moments:
>>        Correct string handling means that you always know how long  
>> your
>>        strings are and therefore you can you memcpy (instead of
>>        strcpy).
> I don't agree.
> With strl*() you need only know the destination buffer's size, and  
> then
> check the strl*() result to see if truncation/overflow occurred.  (As
> the manpage says:

I said before, I'd want to look at the actual code, but I believe a  
lot of these case are cases where we've just allocated the buffer, and  
therefore have just worked out the lengths of the inputs and the size  
of the output string.  (Though in a bunch of such cases, I've already  
replaced the code with calls to asprintf.)  Perhaps Greg can  
characterize the contexts of the code that some of the tools are  
complaining about currently though; I don't know if you've been  
looking in that much detail yet.


More information about the krbdev mailing list