[Patches] [ python-Patches-595703 ] Replace (most) strncpy calls w/ strlcpy

[noreply@sourceforge.net]

Patches item #595703, was opened at 2002-08-15 19:27
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=595703&group_id=5470

Category: Core (C code)
Group: None
>Status: Open
Resolution: None
>Priority: 2
Submitted By: Neil Schemenauer (nascheme)
Assigned to: Nobody/Anonymous (nobody)
Summary: Replace (most) strncpy calls w/ strlcpy

Initial Comment:
I thought there as a bug or patch regarding this issue
but I can't find it now.

The Python interpreter has quite a few calls to
strncpy.  Most of the calls intend to copy a string
without overflowing the destination buffer.  strncpy is
ill suited for this purpose.  It copies too much data
and does not guarantee that the destination string is
null terminated.  strlcpy has been designed for this
purpose and should be used instead.

Since strlcpy is not available on all platforms I've
written a version that can be used if it is missing.
The BSD version unfortunately carries the annoying
advertising requirement so it can't be used.

Please review the strlcpy implementation.  The patches
to change the interpreter to use it are coming.

----------------------------------------------------------------------

>Comment By: Neil Schemenauer (nascheme)
Date: 2002-08-15 22:07

Message:
Logged In: YES 
user_id=35752

Oops, didn't mean to close this just yet.

----------------------------------------------------------------------

Comment By: Neil Schemenauer (nascheme)
Date: 2002-08-15 22:04

Message:
Logged In: YES 
user_id=35752

See bug 487703 for some more discussion.  It seems
there is some controversy surrounding the strlcpy and
strlcat functions.

----------------------------------------------------------------------

Comment By: Neil Schemenauer (nascheme)
Date: 2002-08-15 21:31

Message:
Logged In: YES 
user_id=35752

See
http://www.usenix.org/events/usenix99/full_papers/millert/millert_html/
for a paper on strlcpy.

----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2002-08-15 20:48

Message:
Logged In: YES 
user_id=21627

I'm strongly opposed to strlcpy. It's an invention that
serves no real purpose, and I hope it won't find its way
into Python.

Instead, it should be sufficient to review all calls to
strncpy for correctness. It *is* possible to use strncpy in
a safe way, and I suggest that the places where it is used
unsafely are corrected.

Since I'm with prejudice, I'm not really qualified to review
the patch.

----------------------------------------------------------------------

Comment By: Tim Peters (tim_one)
Date: 2002-08-15 20:35

Message:
Logged In: YES 
user_id=31435

Neil, the patch you're thinking of is attached to this bug 
tracker item:

[487703] Replace strcat, strcpy

We should close one of these guys as a duplicate.  I 
apologize for sitting on that bug for so long!  It just hasn't 
seemed a priority.

BTW, I expect this is so straightforward that you should just 
check in appropriate changes at will.

----------------------------------------------------------------------

Comment By: Neil Schemenauer (nascheme)
Date: 2002-08-15 19:43

Message:
Logged In: YES 
user_id=35752

Patch to make strlcpy available to the interpreter.  No calls to
strncpy have been changed.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=595703&group_id=5470