LibTiff Mailing List

Bob Friesenhahn wrote:
> I see that libtiff is using strncpy() as a safer strcpy() and 
> strncat() as a safer strcat().  Unfortunately, strncpy() does include 
> a significant design flaw which causes it still to be insecure unless 
> additional care is taken.  The problem occurs when the string to be 
> copied exactly matches the buffer size, in which case the string will 
> lack null termination.  The strlcpy() (and strlcat) functions avoid 
> this glitch by always assuring null termination.  The return value of 
> strl*() are also much more useful since it is easy to test if the 
> string was truncated (and by how much).
>
> GraphicsMagick is using strlcpy() and strlcat() for secure string 
> copies.  I will be happy to contribute versions that I wrote myself 
> for use in libtiff if libtiff choses to rely on these more secure 
> functions.  Libtiff should name the replacement functions differently 
> in order to avoid any possible conflict/confusion with system provided 
> versions, or versions from some dependent library or program.

I don't have any arguments against this.

Thanks,

Lee.


AWARE [SYSTEMS]		Imaging expertise for the Delphi developer
		TIFF and LibTiff Mailing List Archive
	LibTiff Mailing List TIFF and LibTiff Mailing List Archive July 2010 Previous Thread Next Thread Previous by Thread Next by Thread Previous by Date Next by Date Contact The TIFF Mailing List Homepage This list is run by Frank Warmerdam Archive maintained by AWare Systems	Thread 2010.07.08 16:25 "strlcpy vs strncpy", by Bob Friesenhahn 2010.07.08 18:03 "Re: strlcpy vs strncpy", by Lee Howard 2010.07.08 18:06 "Re: strlcpy vs strncpy", by Olivier Paquet 2010.07.11 17:36 "Re: strlcpy vs strncpy", by Edward Lam 2010.07.12 19:30 "strncpy in tiffcrop", by Richard Nolde 2010.07.12 20:31 "Re: strncpy in tiffcrop", by Edward Lam 2010.07.10 11:04 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.10 13:27 "Re: strlcpy vs strncpy", by Kevin Myers 2010.07.10 13:50 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 07:34 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 08:06 "Re: strlcpy vs strncpy", by Toby Thain 2010.07.11 14:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.10 13:39 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 08:18 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 16:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.12 17:34 "Re: strlcpy vs strncpy", by Dmitry V Levin 2010.07.12 18:13 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.08 18:03 "Re: strlcpy vs strncpy", by Lee Howard Bob Friesenhahn wrote: > I see that libtiff is using strncpy() as a safer strcpy() and > strncat() as a safer strcat(). Unfortunately, strncpy() does include > a significant design flaw which causes it still to be insecure unless > additional care is taken. The problem occurs when the string to be > copied exactly matches the buffer size, in which case the string will > lack null termination. The strlcpy() (and strlcat) functions avoid > this glitch by always assuring null termination. The return value of > strl*() are also much more useful since it is easy to test if the > string was truncated (and by how much). > > GraphicsMagick is using strlcpy() and strlcat() for secure string > copies. I will be happy to contribute versions that I wrote myself > for use in libtiff if libtiff choses to rely on these more secure > functions. Libtiff should name the replacement functions differently > in order to avoid any possible conflict/confusion with system provided > versions, or versions from some dependent library or program. I don't have any arguments against this. Thanks, Lee.

LibTiff Mailing List

Thread

2010.07.08 18:03 "Re: strlcpy vs strncpy", by Lee Howard