There was a fresh discussion on some mailing lists (security-audit, glibc-alpha) of
strlcpy() and strlcat() in the context of possible inclusion in glibc.
Among other things, the question was raised that the strlcat manpage contains an
unclear point about the strlcat() return value. One should agree with the assertion that
strlcat() must not check characters after dst[size-1], the first reason
being that the memory block can end there; but James Antill reported that
Sun programmers lost their minds and check the full length of dst as a source
nul-terminated string. (I didn't check his report.)
In this context, I think the following patch should be applied to provide
explicit clarification of this point and full accordance with the source code.

--- strlcpy.3.0 Thu Jan 10 23:24:42 2002
+++ strlcpy.3   Thu Jan 10 23:48:22 2002
@@ -114,11 +114,9 @@
 .Fa src .
 For
 .Fn strlcat
-that means the initial length of
-.Fa dst
-plus
-the length of
-.Fa src .
+that means min(size, strlen(dst)) + strlen(src) (but,
+.Fn strlcat
+never reads memory after dst[size-1]).
 While this may seem somewhat confusing it was done to make
 truncation detection simple.
 .Sh EXAMPLES
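
Review bot: the added line "that means min(size, strlen(dst)) + strlen(src) (but," defines the return value through strlen(dst), which by definition scans to the terminator, and then relies on the parenthetical to retract that. Consider stating it directly as the length of dst bounded by size (the scan stops at dst[size-1]) plus the length of src, so the formula and the no-overread guarantee cannot be read as contradicting each other. The argument names in the new text are also bare, whereas the removed lines used ".Fa dst" and ".Fa src ."; keeping the .Fa markup for dst, src and size would stay consistent with the rest of the page.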


/netch
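
The return-value rule the patch spells out, as an added example that is not part of the original message or the libc source: `demo_strlcat` and `demo_truncated` are hypothetical names, and the buffers in `main` are constructed. It shows the case where the two wordings differ, a `dst` with no NUL inside the first `size` bytes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper following the semantics stated in the patch:
 * returns min(size, strlen(dst)) + strlen(src) and never reads dst[size]
 * or anything after it. */
size_t demo_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0, slen = strlen(src);

    /* Bounded scan: stop at the NUL or at size, whichever comes first. */
    while (dlen < size && dst[dlen] != '\0')
        dlen++;

    /* No NUL inside dst[0..size-1]: nothing is written, dst counts as size. */
    if (dlen == size)
        return size + slen;

    size_t room = size - dlen - 1;          /* space left before the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* The truncation check the return value is designed for. */
int demo_truncated(size_t ret, size_t size)
{
    return ret >= size;
}

int main(void)
{
    /* Constructed input: 12 characters in dst, but the caller passes size 8. */
    char big[16] = "AAAAAAAAAAAA";
    size_t r = demo_strlcat(big, "xyz", 8);
    /* Bounded rule gives 8 + 3; an unbounded strlen(dst) would give 12 + 3. */
    printf("ret=%zu truncated=%d dst=%s\n", r, demo_truncated(r, 8), big);

    char small[8] = "ab";
    r = demo_strlcat(small, "cdefghij", sizeof small);
    printf("ret=%zu truncated=%d dst=%s\n", r,
           demo_truncated(r, sizeof small), small);
    return 0;
}
```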
