On 2014/04/18 09:50, dera...@cvs.openbsd.org wrote: > Small demonstration of the kinds of things we'll have to mop up for > weeks more. > > From OpenSSL CHANGES file: > > *) Introduce safe string copy and catenation functions > (BUF_strlcpy() and BUF_strlcat()). > [Ben Laurie (CHATS) and Richard Levitte] > > That's from back in 2002. > > These functions work just like ours in OpenBSD. The return values > indicate overflow. We've been advising people to check for overflow > from the start, which is why we designed these like snprintf. > > Good move, but then let's see how they used them:
PostgreSQL did a strlcpy conversion recently. "Use strlcpy() and related functions to provide a clear guarantee that fixed-size buffers are not overrun". Guess what, this is exactly whow they used them too.
