best practice for packing programs that use strlcpy()?
Bryn M. Reeves
bmr at redhat.com
Fri Jan 29 10:50:03 UTC 2010
On Thu, 2010-01-28 at 23:38 -0800, Eric Smith wrote:
> Tom "spot" Callaway wrote:
> > You could probably package up libbsd for inclusion:
> > http://libbsd.freedesktop.org/wiki/
> >
> That's exactly the kind of thing I was hoping to find. I've submitted a
> package for review:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=559856
Be aware also that despite rumors to the contrary it's just as easy to
misuse and abuse srtl* and friends as the other string handling
routines.
Code using them should be subject to the same security review scrutiny
as code using other string mungling interfaces.
Cheers,
Bryn.
More information about the devel
mailing list