"Secure coding" audit checkers and Kerberos
John Hascall
john at iastate.edu
Wed Oct 15 16:49:05 EDT 2008
> On Wed, Oct 15, 2008 at 03:16:06PM -0500, John Hascall wrote:
> > > asprintf(&buf, "%s%s%s", s1, s2, s3);
> > > if (buf == NULL)
> > >     return ENOMEM;
> > > Love
> > asprintf is a non-standard, and therefore
> > sub-optimally portable, GNU extension --
> > so you're still stuck writing something else
> > (perhaps your own asprintf implementation,
> > which is far more baggage than one needs
> > to concat a few strings).
> I disagree with the "far more baggage" characterization. Particularly
> if the alternative is to use memcpy() instead of strcpy().
While I can certainly understand the visceral dislike of memcpy
for string copies -- implementing every possible doohickey that
can go in a (GNU extended) *printf format string is a whole lot
of baggage.
John
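
The memcpy()-based concatenation debated in this thread, next to a C99 snprintf() variant that avoids the non-standard asprintf(). This is an added example, not code from any poster or from the Kerberos sources; the names concat3 and concat3_fmt and the sample strings are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the thread): join with memcpy() and known lengths.
 * Returns 0 with *out malloc'd, or EINVAL/ENOMEM with *out == NULL. */
int concat3(char **out, const char *s1, const char *s2, const char *s3)
{
    size_t n1, n2, n3;
    char *buf;
    if (out == NULL) return EINVAL;
    *out = NULL;
    if (s1 == NULL || s2 == NULL || s3 == NULL) return EINVAL;
    n1 = strlen(s1); n2 = strlen(s2); n3 = strlen(s3);
    /* Refuse totals (plus NUL) that would wrap size_t before malloc(). */
    if (n1 > SIZE_MAX - 1 - n2 || n3 > SIZE_MAX - 1 - n2 - n1) return ENOMEM;
    buf = malloc(n1 + n2 + n3 + 1);
    if (buf == NULL) return ENOMEM;
    memcpy(buf, s1, n1);
    memcpy(buf + n1, s2, n2);
    memcpy(buf + n1 + n2, s3, n3 + 1);  /* n3 + 1 copies the terminator */
    *out = buf;
    return 0;
}

/* Hypothetical alternative: C99 snprintf() measures, then formats; no asprintf(). */
int concat3_fmt(char **out, const char *s1, const char *s2, const char *s3)
{
    int need;
    char *buf;
    if (out == NULL) return EINVAL;
    *out = NULL;
    if (s1 == NULL || s2 == NULL || s3 == NULL) return EINVAL;
    need = snprintf(NULL, 0, "%s%s%s", s1, s2, s3);
    if (need < 0) return EINVAL;  /* output error or length above INT_MAX */
    buf = malloc((size_t)need + 1);
    if (buf == NULL) return ENOMEM;
    snprintf(buf, (size_t)need + 1, "%s%s%s", s1, s2, s3);
    *out = buf;
    return 0;
}

int main(void)
{
    char *p;  /* sample strings below are constructed for illustration */
    if (concat3(&p, "krbtgt/", "EXAMPLE.COM", "@EXAMPLE.COM") == 0) { puts(p); free(p); }
    return 0;
}
```

Both helpers report failure through the return value and leave `*out` as NULL, so the caller never has to inspect a buffer pointer whose contents are unspecified after an error.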
More information about the krbdev mailing list