strcat+strcat+strcat == baaad

Medland, Bill Bill.Medland at accpac.com
Mon Dec 2 11:23:55 CST 2002


> -----Original Message-----
> From: wine-devel-admin at winehq.com [mailto:wine-devel-admin at winehq.com] On Behalf Of Alexandre Julliard
> Sent: Monday, December 02, 2002 9:03 AM
> To: Shachar Shemesh
> Cc: David Laight; David Fraser; Shachar Shemesh; Francois Gouget; wine-devel at winehq.com
> Subject: Re: strcat+strcat+strcat == baaad
> 
> 
> Shachar Shemesh <winehebhaim at sun.consumer.org.il> writes:
> 
> > I suggest implementing strlcat and strlcpy, as in OpenBSD. I can write
> > them, but I'm not sure where to place them. They should either be
> > inlined (as in - implemented in an include file as a static func), or
> > in some library that will be linked (statically, I hope). Ideas?
> 
> We don't need that, there are Windows API functions like lstrcpyn that
> can be used for that. And in any case the right approach to writing
> correct and secure code is not to truncate every string in sight to
> some fixed buffer size; it's to make sure you allocate buffers of the
> right size, and then you can use standard strcpy/strcat/sprintf/etc.
> without worrying about lengths.
I think this statement has to be tightened.  I am sure you know exactly what
you mean, Alexandre, and I believe that I and many others do.  However I
think we need to mention that one needs to consider that the strings passed
in may be bad, e.g. unterminated.  Either one uses the actual measured
lengths of the strings when allocating or one checks the lengths of the
strings against the allocated space.  In particular one DOES NOT allocate on
the basis of some wishy-washy documentation statement or a hard-coded
constant that the caller may well have ignored.
> 
> -- 
> Alexandre Julliard
> julliard at winehq.com
> 
> 
Bill Medland
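
The two options named in the reply above (allocate from measured lengths, or check measured lengths against the allocated space), as an added C example that is not part of the original thread or of Wine's code. The function names and the explicit capacity parameters are assumptions made for illustration; each input is measured with a bound so an unterminated string is rejected rather than read past its buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: measure s without reading past cap bytes.
   Returns -1 if no terminator is found inside the buffer. */
static int measured_len(const char *s, size_t cap, size_t *len)
{
    const char *nul = s ? memchr(s, '\0', cap) : NULL;
    if (!nul) return -1;
    *len = (size_t)(nul - s);
    return 0;
}

/* Option 1: allocate from the measured lengths. Caller frees the result.
   NULL on unterminated input, size overflow or allocation failure. */
char *concat_alloc(const char *a, size_t a_cap, const char *b, size_t b_cap)
{
    size_t la, lb;
    char *out;
    if (measured_len(a, a_cap, &la) || measured_len(b, b_cap, &lb)) return NULL;
    if (la > SIZE_MAX - lb - 1) return NULL;   /* la + lb + 1 would wrap */
    out = malloc(la + lb + 1);
    if (!out) return NULL;
    memcpy(out, a, la);
    memcpy(out + la, b, lb + 1);               /* copies b's terminator too */
    return out;
}

/* Option 2: check the measured lengths against the space already allocated.
   Returns 0, or -1 with dst untouched; it never truncates silently. */
int append_checked(char *dst, size_t dst_size, const char *src, size_t src_cap)
{
    size_t ld, ls;
    if (measured_len(dst, dst_size, &ld) || measured_len(src, src_cap, &ls)) return -1;
    if (ls >= dst_size - ld) return -1;        /* need ld + ls + 1 <= dst_size */
    memcpy(dst + ld, src, ls + 1);
    return 0;
}

int main(void)
{
    char raw[4] = {'a', 'b', 'c', 'd'};        /* constructed: no terminator */
    char buf[8] = "wine";
    char *s = concat_alloc("foo", 4, "bar", 4);
    printf("%s %d %d\n", s ? s : "(null)", append_checked(buf, sizeof buf, "dev", 4),
           concat_alloc(raw, sizeof raw, "x", 2) == NULL);
    free(s);
    return 0;
}
```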


