➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2002-08-15 19:27 by nascheme, last changed 2022-04-10 16:05 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| strlcpy.c | nascheme, 2002-08-15 19:27 | |||
| add_strlcpy.diff | nascheme, 2002-08-15 19:43 | |||
| Messages (9) | |||
|---|---|---|---|
| msg40944 - (view) | Author: Neil Schemenauer (nascheme) *  |
Date: 2002-08-15 19:27 | |
I thought there as a bug or patch regarding this issue but I can't find it now. The Python interpreter has quite a few calls to strncpy. Most of the calls intend to copy a string without overflowing the destination buffer. strncpy is ill suited for this purpose. It copies too much data and does not guarantee that the destination string is null terminated. strlcpy has been designed for this purpose and should be used instead. Since strlcpy is not available on all platforms I've written a version that can be used if it is missing. The BSD version unfortunately carries the annoying advertising requirement so it can't be used. Please review the strlcpy implementation. The patches to change the interpreter to use it are coming. |
|||
| msg40945 - (view) | Author: Neil Schemenauer (nascheme) * |
Date: 2002-08-15 19:43 | |
Logged In: YES user_id=35752 Patch to make strlcpy available to the interpreter. No calls to strncpy have been changed. |
|||
| msg40946 - (view) | Author: Tim Peters (tim.peters) * |
Date: 2002-08-15 20:35 | |
Logged In: YES user_id=31435 Neil, the patch you're thinking of is attached to this bug tracker item: [487703] Replace strcat, strcpy We should close one of these guys as a duplicate. I apologize for sitting on that bug for so long! It just hasn't seemed a priority. BTW, I expect this is so straightforward that you should just check in appropriate changes at will. |
|||
| msg40947 - (view) | Author: Martin v. Löwis (loewis) * |
Date: 2002-08-15 20:48 | |
Logged In: YES user_id=21627 I'm strongly opposed to strlcpy. It's an invention that serves no real purpose, and I hope it won't find its way into Python. Instead, it should be sufficient to review all calls to strncpy for correctness. It *is* possible to use strncpy in a safe way, and I suggest that the places where it is used unsafely are corrected. Since I'm with prejudice, I'm not really qualified to review the patch. |
|||
| msg40948 - (view) | Author: Neil Schemenauer (nascheme) * |
Date: 2002-08-15 21:31 | |
Logged In: YES user_id=35752 See http://www.usenix.org/events/usenix99/full_papers/millert/millert_html/ for a paper on strlcpy. |
|||
| msg40949 - (view) | Author: Neil Schemenauer (nascheme) * |
Date: 2002-08-15 22:04 | |
Logged In: YES user_id=35752 See bug 487703 for some more discussion. It seems there is some controversy surrounding the strlcpy and strlcat functions. |
|||
| msg40950 - (view) | Author: Neil Schemenauer (nascheme) * |
Date: 2002-08-15 22:07 | |
Logged In: YES user_id=35752 Oops, didn't mean to close this just yet. |
|||
| msg40951 - (view) | Author: Guido van Rossum (gvanrossum) * |
Date: 2002-08-16 00:26 | |
Logged In: YES user_id=6380 Well, *I* say we ignore it. |
|||
| msg40952 - (view) | Author: Tim Peters (tim.peters) * |
Date: 2002-08-16 02:42 | |
Logged In: YES user_id=31435 Since Guido closed this again, based on his comment I expect he intended to reject it, so changed Resolution to Rejected. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-10 16:05:35 | admin | set | github: 37039 |
| 2002-08-15 19:27:57 | nascheme | create | |