Why hasn't the software community hasn't more widely accepted the use of strlcpy and strlcat? While these functions aren't included with all platforms, the source is pretty simple to include in one's application. The benefits are obvious: strlcpy truncates the copied string if necessary based on the size provided, and insures that it is always NUL terminated. The strlcat function acts the same way as strncat, only the size being sent to the function is the maximum length of the string, rather than the maximum number of characters to copy. It also NUL terminates on truncation. -----Original Message----- From: Tim J. Robbins [mailto:tim@robbins.dropbear.id.au] Sent: Sunday, December 30, 2001 9:06 PM To: bugtraq@securityfocus.com Subject: Re: gzip bug w/ patch.. On Sun, Dec 30, 2001 at 02:26:10PM -0000, greg wrote: > well anyway, there is an attached patch, bye. > - strcpy(nbuf,dir); > + strncpy(nbuf, dir, sizeof(nbuf) - 1); You must ensure the trailing NUL character is at the end of the string: nbuf[sizeof(nbuf) - 1] = '\0'; Tim
