Hi Jonny,
On Thu, Nov 09, 2023 at 10:31:49AM +0000, Jonny Grant wrote:
> > Probably the only way to solve the cleverness issue for good is to have an
> > immediately-available, foolproof, performant set of string functions that
> > are extremely straightforward to understand and use, flexible enough for
> > any use case, and generally agreed to be the first choice for string
> > manipulation.
>
> What's the best standardized function for C string copying in your
strlcpy(3) will soon be standard. POSIX.1-202x (Issue 8) will add it,
which is why it's been added recently to glibc. Hopefully, ISO C3x will
follow (yeah, it's not like tomorrow).
> opinion? They all seem to have drawbacks, strlcpy truncates (I'd
> rather it rejected if it didn't have enough buffer - could cause
> issues if the meaning of the string changed due to truncation, eg if
> it was a file path). Other alternative functions aren't widely in use.
If you are consistent in checking the return value of strlcpy(3) and
reporting an error, it's the best standard alternative nowadays.
snprintf(3), except for using int instead of size_t, has an equivalent
API, and is in C99, in case that means something.
If you would want to write something based on Michael Kerrisk's article,
you could do this:
ssize_t
strxcpy(char *restrict dst, char *restrict src, size_t dsize)
{
if (strlen(src) < dsize)
return -1;
strcpy(dst, src);
}
You may also want to calculate 'dsize' automagically, to avoid human
error, in case it's an array, so you could write a macro on top of it:
#define STRXCPY(dst, src) strxcpy(dst, src, ARRAY_SIZE(dst))
These are just small wrappers over standard functions, so you shouldn't
have problems adding them to your project.
This is my long term plan for shadow-utils, indeed. I'm first
transforming strncpy(3) calls into strlcpy(3) to remove the superfluous
padding, and later will use this strxcpy() to remove the truncated
strings to avoid misinterpretation.
Cheers,
Alex
>
> Kind regards, Jonny
--
<https://www.alejandro-colomar.es/>
Attachment:
signature.asc
Description: PGP signature
