On Thu, 2015-05-21 at 01:57 +0000, Heldt-Sheller, Nathan wrote:
> Thanks Erich!
> 
> What's the purpose of <maxSrcSize>?  I can imagine a few reasons so I'm not 
> saying there isn't one, but I'm curious why you chose to use it.  Several 
> other attempts at "safe" strcpy() that I've looked at don't use <maxSrcSize>, 
> I think giving the reasoning that it just gives another opportunity for 
> developer error.
The thought is that, like Microsoft's _S versions, it'll prevent
running off the end of unterminated strings.


> 
> Also, do you have a detailed description that we can discuss, for the behavior 
> of OICStrcpy()?

Not yet, I'd be up for a sit-down if you wanted to discuss it.  It isn't
implemented yet (beyond just a bit of research), so all of these answers
can be discussed/changed easily enough.

> 
> For example:
> 1) Does it zero-fill <dest> out to <maxDestSize>?  
I hadn't decided yet, I don't really see the benefit of it, so I was
leaning toward 'no'

> 2) What does it do if <maxDestSize> is less than <maxSrcSize>?  
That shouldn't be an issue, unless strlen(src) >= maxDestSize

> 3) What does it do if <maxDestSize> is equal to <maxSrcSize>, but <src> is 
> not NUL-terminated (NUL being the name for '\0')?
It would leave off the last character of the Src and put a NUL there.

> 4) What does it do if <maxDestSize> is actually larger than the buffer 
> pointed to by <dest>?
Bad Stuff.  Unfortunately, C doesn't provide us a good way of
determining when this is the case, we sorta have to trust it in this
case.

> 5) What does it do if <dest> and/or <src> are NULL?
Undefined behavior?  I'd lean toward a no-op though

> 6) What does it do if <dest> and/or <src> are not NULL, but are not 
> accessible?
I'm not sure what you mean by that?  

> 7) Where does it place the NUL character (e.g. is it at index 
> <maxDestSize>-1, or <maxSrcSize>-1, or the NUL character location in src, 
> whichever of these three is smaller?)
Whichever of the 3 is smaller.

> 8) ... and anything else I forgot off the top of my head ;)
> 
> These are good behaviors to define in the API description so that folks like 
> me know when to use and when not to use OICStrcpy().
Yep, totally understand! I'd like to use it as much as possible (perhaps
all the time?), so if your usages are different than the fairly trivial
ones we are using, I'd definitely like to hear them to ensure that it
can be used for all.

> 
> I'm not trying to be a smart aleck, really!  I've just got a vested interest 
> in how this works since we are making heavy use of forced NUL-termination 
> throughout our Security Resource Manager code, and I'd love to remove it in 
> favor of a standardized approach.
> 
> Thanks,
> Nathan
> 
> -----Original Message-----
> From: Keane, Erich 
> Sent: Wednesday, May 20, 2015 4:07 PM
> To: Heldt-Sheller, Nathan
> Cc: Lankswert, Patrick; iotivity-dev at lists.iotivity.org; Light, John J
> Subject: Re: [dev] coding tip .... and warning
> 
> I wasn't aware of those, but they are actually somewhat similar to what I was 
> doing.
> 
> I was leaning towards:
> OICStrcpy(char* dest, size_t maxDestSize, const char* source, size_t 
> maxSrcSize);
> 
> I was using strncpy_S from microsoft as my template.  Additionally, I want to 
> guarantee that it will append \0 in the last spot of the dest array.
> 
> -Erich
> 
> On Wed, 2015-05-20 at 23:02 +0000, Heldt-Sheller, Nathan wrote:
> > Erich can you share what "safe" version you are using as a replacement?  
> > Are you aware of strlcpy and strlcat?
> > 
> > Thanks,
> > Nathan
> > 
> > -----Original Message-----
> > From: iotivity-dev-bounces at lists.iotivity.org 
> > [mailto:iotivity-dev-bounces at lists.iotivity.org] On Behalf Of 
> > Lankswert, Patrick
> > Sent: Wednesday, May 20, 2015 12:55 PM
> > To: Keane, Erich; Light, John J
> > Cc: iotivity-dev at lists.iotivity.org
> > Subject: Re: [dev] coding tip .... and warning
> > 
> > Erich,
> > 
> > Thank you. I do not know why developers still think that strncpy() is safe. 
> > It is better than strcpy() but not safer.
> > 
> > Pat
> > 
> > > -----Original Message-----
> > > From: iotivity-dev-bounces at lists.iotivity.org [mailto:iotivity-dev- 
> > > bounces at lists.iotivity.org] On Behalf Of Keane, Erich
> > > Sent: Tuesday, May 19, 2015 6:27 PM
> > > To: Light, John J
> > > Cc: iotivity-dev at lists.iotivity.org
> > > Subject: Re: [dev] coding tip .... and warning
> > > 
> > > Thanks John!
> > > 
> > > I've noticed a handful of those done incorrectly as well and have 
> > > been fixing them.
> > > 
> > > The next fix that I'm working on is replacing all of our 
> > > strncpy/strcpy/strcat/strncat usages with a 'safe' version (or at 
> > > least with all the troubles in 1 place!), so hopefully I'll get to 
> > > fix most of them along the way.
> > > 
> > > 
> > > On Tue, 2015-05-19 at 22:24 +0000, Light, John J wrote:
> > > > It is gratifying to see more use of length protected string 
> > > > copies, but it is important that they be done properly.
> > > >
> > > > I don't see any
> > > >
> > > >               strcpy(to, from);
> > > >
> > > > but I do see more than one
> > > >
> > > >               strncpy(to, from, strlen(from));
> > > >
> > > > and
> > > >
> > > >               strncpy(to, from, sizeof (from));
> > > >
> > > > Both of these are equivalent to strcpy, and should be avoided.
> > > >
> > > > It is critical that the third argument of strncpy be the amount of 
> > > > storage in the first argument (the destination).
> > > >
> > > > I am correcting the ones I find.
> > > >
> > > > John Light
> > > >
> > > > Intel OTC OIC Development
> > > >
> > > > _______________________________________________
> > > > iotivity-dev mailing list
> > > > iotivity-dev at lists.iotivity.org
> > > > https://lists.iotivity.org/mailman/listinfo/iotivity-dev
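An added example, not code from this thread and not IoTivity's implementation: a sketch in C of the OICStrcpy() semantics Erich describes above (a NUL is always written, at whichever of the three candidate positions is smallest; NULL arguments are a no-op; no zero-fill of the rest of dest), placed beside John's strncpy(to, from, strlen(from)) case to show concretely why that call leaves the destination unterminated. The return value, the reading of maxSrcSize as the size of the source buffer (so at most that many bytes are ever read from it), and the helper names are assumptions of mine, not anything the thread settled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sketch of the OICStrcpy() behaviour discussed in the thread.
 * Assumptions (not from the thread): maxSrcSize is the size of the buffer
 * behind `source`, so the scan never reads past it even if the string is not
 * NUL-terminated; the return value is the number of bytes copied, excluding
 * the terminator.  dest is always NUL-terminated when maxDestSize > 0. */
size_t OICStrcpy(char *dest, size_t maxDestSize, const char *source, size_t maxSrcSize)
{
    if (dest == NULL || source == NULL || maxDestSize == 0) {
        return 0;               /* no-op for NULL/empty, as Erich leans toward */
    }

    /* Most characters we may copy: room in dest minus one byte for the NUL,
     * further capped by how far into source we are allowed to look. */
    size_t limit = maxDestSize - 1;
    if (maxSrcSize < limit) {
        limit = maxSrcSize;
    }

    /* Bounded scan: stops at source's NUL or at `limit`, whichever comes
     * first, so an unterminated source is never overrun. */
    size_t n = 0;
    while (n < limit && source[n] != '\0') {
        n++;
    }

    memcpy(dest, source, n);
    dest[n] = '\0';             /* NUL at the smallest of the three positions */
    return n;                   /* bytes after dest[n] are left untouched */
}

/* John Light's first case: the bound is strlen(from), so strncpy() copies
 * exactly the characters and never writes a NUL.  Returns 1 if a NUL ended
 * up anywhere in `to`, 0 if the buffer is not a C string at all. */
int strncpy_strlen_terminates(void)
{
    char to[8];
    memset(to, 'X', sizeof to);             /* poison: no NUL anywhere */
    const char from[] = "hello";            /* constructed sample input */
    size_t n = strlen(from);
    strncpy(to, from, n);
    return memchr(to, '\0', sizeof to) != NULL;
}

/* Same buffer and input through the sketch above: always terminated. */
int oic_strcpy_terminates(void)
{
    char to[8];
    memset(to, 'X', sizeof to);
    const char from[] = "hello";
    OICStrcpy(to, sizeof to, from, sizeof from);
    return memchr(to, '\0', sizeof to) != NULL;
}

int main(void)
{
    /* Question 2: dest smaller than maxSrcSize -> truncate to fit, terminate. */
    char small[4];
    size_t n = OICStrcpy(small, sizeof small, "abcdefgh", 100);
    printf("dest[4] <- \"abcdefgh\": copied %zu, dest=\"%s\"\n", n, small);

    /* Question 3: sizes equal, source not NUL-terminated -> last char dropped. */
    const char unterminated[4] = {'w', 'x', 'y', 'z'};
    char same[4];
    n = OICStrcpy(same, sizeof same, unterminated, sizeof unterminated);
    printf("unterminated src: copied %zu, dest=\"%s\"\n", n, same);

    printf("strncpy(to, from, strlen(from)) terminated: %d\n", strncpy_strlen_terminates());
    printf("OICStrcpy terminated: %d\n", oic_strcpy_terminates());
    return 0;
}
```

The bounded scan is the whole point of the extra parameter: with a plain `strlen(source)` the function would read past the end of an unterminated source before it ever looked at maxDestSize.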
