Re: [PATCH] strcat.3, strncat.3: RIP strncat(3)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/5/22 16:49, Alejandro Colomar wrote:

Never use this function.  Really.

Cc: <pkg-shadow-devel@xxxxxxxxxxxxxxxxxxxxxxx>
Cc: <libc-alpha@xxxxxxxxxxxxxx>
Signed-off-by: Alejandro Colomar <alx@xxxxxxxxxx>
---

Hi!

To shadow-utils readers, I've seen there are a few uses of strncat(3) in
shadow-utils.  I'll review my current PR about string handling to also
address this issue.

To glibc readers, please bury this function deep down as if it were
radioactive waste.

Cheers,

Alex



The rendered version of the new manual page for strncpy(3) is:


strncat(3)              Library Functions Manual             strncat(3)

NAME
       strncat - concatenate two strings

LIBRARY
       Standard C library (libc, -lc)

SYNOPSIS
       #include <string.h>

       [[deprecated]]
       char *strncat(char dest[restrict strlen(.dest) + strnlen(.n) + 1],
                     const char src[restrict .n],
                     size_t n);

DESCRIPTION
       Note: Never use this function.

       For  safe  string concatenation, see strlcat(3bsd).  For copying
       or concatenating a string into a fixed‐length buffer with  zero‐
       ing of the rest, see stpncpy(3).

       strncat() appends at most n characters of src to the end of dst.
       It  always terminates with a null character the string placed in
       dest.

       A simple implementation of strncat() might be:

           char *
           strncat(char *dest, const char *src, size_t n)
           {
               return memcpy(dest + strlen(dest), src, strnlen(src, n));
           }

RETURN VALUE
       strncat() returns a pointer to the resulting string dest.

ATTRIBUTES
       For an explanation of the terms used in this  section,  see  at‐
       tributes(7).
       ┌─────────────────────────────────────┬───────────────┬─────────┐
       │Interface                            │ Attribute     │ Value   │
       ├─────────────────────────────────────┼───────────────┼─────────┤
       │strncat()                            │ Thread safety │ MT‐Safe │
       └─────────────────────────────────────┴───────────────┴─────────┘

STANDARDS
       POSIX.1‐2001, POSIX.1‐2008, C89, C99, SVr4, 4.3BSD.

BUGS
       All.  Seriously, there’s no use case for this function.

       It  has  a very misleading name.  This function has no relation‐
       ship with strncpy(3).

       Since it doesn’t know the size of the destination  buffer,  this
       function  can  easily  write past the end of the array, being an
       open door to all kinds of crackers.

SEE ALSO
       strcpy(3), string(3)

Linux man‐pages (unreleased)     (date)                      strncat(3)

--
<http://www.alejandro-colomar.es/>

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux