> The consumer of the string (the kernel) already has to be careful in
> access because it can't trust user space buffers, so switching to
> strlcpy over strncpy doesn't buy anything at all in terms of safety.
> I guess it can be done (sacrificing that last byte) if someone feels
> moved to do it, but I disagree that we should just automatically
> change all strn* to strl*.

Fair enough. That said, a lot of the strncpy() users I've seen also feel
the need to NUL-terminate the interface name as well -- e.g. (from in.mpathd):

    (void) strncpy(lifr.lifr_name, pi->pi_name, sizeof (lifr.lifr_name));
    lifr.lifr_name[sizeof (lifr.lifr_name) - 1] = '\0';

So regardless of strlcpy(), the interface name has effectively already
been limited to LIFNAMSIZ-1 characters. So it seems preferable to just
use strlcpy() all the time -- not to mention that it makes things simpler
if the application wants to operate on lifr_name without fear that it
might not be NUL-terminated.
--
meem
_______________________________________________
networking-discuss mailing list
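
Added example, not part of the original message or of in.mpathd: it compares a bare strncpy(), the strncpy()-plus-terminator idiom quoted above, and a strlcpy()-style copy on a name that exactly fills the buffer. EX_LIFNAMSIZ (32 here), ex_strlcpy() and the copy_* helpers are names and values assumed for the example; ex_strlcpy() is a local stand-in because not every libc provides strlcpy().

```c
#include <stdio.h>
#include <string.h>
#define EX_LIFNAMSIZ 32	/* assumed buffer size for this example */

/* Local stand-in with strlcpy() semantics (not every libc ships strlcpy):
 * copies at most size-1 bytes, always terminates, returns strlen(src). */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);
	if (size > 0) {
		size_t n = (len >= size) ? size - 1 : len;
		(void) memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return (len);
}

/* Bare strncpy(): returns 1 if dst ended up NUL-terminated, else 0. */
static int copy_strncpy_only(char *dst, size_t size, const char *src)
{
	(void) memset(dst, 'X', size);	/* stale, non-zero buffer contents */
	(void) strncpy(dst, src, size);
	return (memchr(dst, '\0', size) != NULL);
}

/* The in.mpathd idiom from the message: strncpy() plus forced terminator. */
static int copy_strncpy_idiom(char *dst, size_t size, const char *src)
{
	(void) memset(dst, 'X', size);
	(void) strncpy(dst, src, size);
	dst[size - 1] = '\0';
	return (memchr(dst, '\0', size) != NULL);
}

/* strlcpy() form: same stored bytes as the idiom; -1 reports truncation. */
static int copy_strlcpy(char *dst, size_t size, const char *src)
{
	return (ex_strlcpy(dst, src, size) >= size ? -1 : 0);
}

int main(void)
{
	char buf[EX_LIFNAMSIZ], full[EX_LIFNAMSIZ + 1];
	(void) memset(full, 'a', EX_LIFNAMSIZ);	/* constructed 32-char name */
	full[EX_LIFNAMSIZ] = '\0';
	(void) printf("bare=%d idiom=%d strlcpy=%d\n",
	    copy_strncpy_only(buf, sizeof (buf), full),
	    copy_strncpy_idiom(buf, sizeof (buf), full),
	    copy_strlcpy(buf, sizeof (buf), full));
	return (0);
}
```

The idiom and the strlcpy() form both store at most EX_LIFNAMSIZ-1 characters; only the strlcpy() return value lets the caller tell that the name was cut short.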