Re: Manpage of strlcat/strlcpy

2022-11-22 Thread Theo de Raadt
Eric Sanchis wrote:

> Dear Maintainer,
> 
> I have two remarks about:
> https://man.openbsd.org/OpenBSD-5.9/strlcpy.3
> 
> (1) In the section “Return Values”, it is written:
> n = strlcpy(dst, src, len);
> n = snprintf(dst, len, "%s", src);
> But len should not be a length but a size. This example can confuse
> beginners. So I suggest the modifications:
> n = strlcpy(dst, src, dstsize);
> n = snprintf(dst, dstsize, "%s", src);

Disagree on this.  It is called "len" in other places, example from strncpy
manual page:

DESCRIPTION
 The strncpy() function copies not more than len characters from the
 string src to the buffer dst.  If src is less than len characters long,
 it fills the remaining buffer with `\0' characters.  If the length of src
 is greater than or equal to len, dst will not be NUL-terminated.

The purpose of an argument or other variable is always narrowly defined, and
people must pay attention.  If they trip over this, they should consider
working a meal service industry job instead.

I am also confused what you really mean here. If "len" is not the size of
the destination, what do you think a programmer might calculate it from?
They cannot fail to initialize it.  Do you honestly believe they could
mistakenly initialize it from the size of the src?  That's ridiculous and
such a lack of attention will not be solved by changing the name.

> (2) In the section “Description”, it is written:
> “They are designed to be safer, more consistent, and less error prone
> replacements for the easily misused functions strncpy(3) and
> strncat(3).”
> It is not completely true: strncpy/strncat can copy/concatenate a
> substring of src (the third parameter n means n bytes of src).
> Strlcpy/strlcat cannot.

My car is a safer, more consistent, and less error prone replacement for
the more dangerous transport by rocket ship.

Sorry, strlcpy was designed specifically to stop you from doing that kind of
batshit crazy manual handling of temporarily unterminated non-strings.
If you want to keep doing batshit crazy, strncpy and strncat have not been
removed, so you be you until you create a CVE.
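
The strncpy(3) behaviour quoted in the reply above, set beside strlcpy semantics with len taken from the size of the destination, as an added example that is not part of the thread or of OpenBSD's code. demo_strlcpy is a hypothetical stand-in written here so the example builds where libc lacks strlcpy; the 8-byte buffer and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with strlcpy(3) semantics (hypothetical name, written for this
 * example): copy at most len-1 bytes, always NUL-terminate when len > 0. */
static size_t demo_strlcpy(char *dst, const char *src, size_t len)
{
    size_t srclen = strlen(src);
    if (len != 0) {
        size_t n = srclen < len - 1 ? srclen : len - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;                  /* length of the string it tried to create */
}

/* Returns 1 if buf[0..len) contains a NUL, i.e. actually holds a C string. */
static int is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* strncpy with len = sizeof(dst): terminated only if src is shorter than len. */
static int strncpy_terminates(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof(dst));  /* make a missing NUL visible */
    strncpy(dst, src, sizeof(dst));
    return is_terminated(dst, sizeof(dst));
}

/* Same len passed to the strlcpy stand-in: out is always a string, and the
 * return value reports truncation. Returns 1 if src did not fit. */
static int strlcpy_truncated(const char *src, char *out, size_t outlen)
{
    return demo_strlcpy(out, src, outlen) >= outlen;
}

int main(void)
{
    char dst[8];
    const char *longsrc = "0123456789";   /* constructed input, 10 characters */
    printf("strncpy terminated: %d\n", strncpy_terminates(longsrc));
    int truncated = strlcpy_truncated(longsrc, dst, sizeof(dst));
    printf("strlcpy truncated: %d, dst: \"%s\"\n", truncated, dst);
    return 0;
}
```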



Manpage of strlcat/strlcpy

2022-11-22 Thread Eric Sanchis
Dear Maintainer,

I have two remarks about:
https://man.openbsd.org/OpenBSD-5.9/strlcpy.3

(1) In the section “Return Values”, it is written:
n = strlcpy(dst, src, len);
n = snprintf(dst, len, "%s", src);
But len should not be a length but a size. This example can confuse
beginners. So I suggest the modifications:
n = strlcpy(dst, src, dstsize);
n = snprintf(dst, dstsize, "%s", src);

(2) In the section “Description”, it is written:
“They are designed to be safer, more consistent, and less error prone
replacements for the easily misused functions strncpy(3) and
strncat(3).”
It is not completely true: strncpy/strncat can copy/concatenate a
substring of src (the third parameter n means n bytes of src).
Strlcpy/strlcat cannot.

Sincerely yours,

Eric Sanchis
Associate Professor in Computer Science
University of Toulouse Capitole (IUT Rodez)
France