LibTiff Mailing List

I see that libtiff is using strncpy() as a safer strcpy() and 
strncat() as a safer strcat().  Unfortunately, strncpy() does include 
a significant design flaw which causes it still to be insecure unless 
additional care is taken.  The problem occurs when the string to be 
copied exactly matches the buffer size, in which case the string will 
lack null termination.  The strlcpy() (and strlcat) functions avoid 
this glitch by always assuring null termination.  The return value of 
strl*() are also much more useful since it is easy to test if the 
string was truncated (and by how much).

GraphicsMagick is using strlcpy() and strlcat() for secure string 
copies.  I will be happy to contribute versions that I wrote myself 
for use in libtiff if libtiff choses to rely on these more secure 
functions.  Libtiff should name the replacement functions differently 
in order to avoid any possible conflict/confusion with system provided 
versions, or versions from some dependent library or program.

Bob
-- 
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/


AWARE [SYSTEMS]		Imaging expertise for the Delphi developer
		TIFF and LibTiff Mailing List Archive
	LibTiff Mailing List TIFF and LibTiff Mailing List Archive July 2010 Previous Thread Next Thread Previous by Thread Next by Thread Previous by Date Next by Date Contact The TIFF Mailing List Homepage This list is run by Frank Warmerdam Archive maintained by AWare Systems	Thread 2010.07.08 16:25 "strlcpy vs strncpy", by Bob Friesenhahn 2010.07.08 18:03 "Re: strlcpy vs strncpy", by Lee Howard 2010.07.08 18:06 "Re: strlcpy vs strncpy", by Olivier Paquet 2010.07.11 17:36 "Re: strlcpy vs strncpy", by Edward Lam 2010.07.12 19:30 "strncpy in tiffcrop", by Richard Nolde 2010.07.12 20:31 "Re: strncpy in tiffcrop", by Edward Lam 2010.07.10 11:04 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.10 13:27 "Re: strlcpy vs strncpy", by Kevin Myers 2010.07.10 13:50 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 07:34 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 08:06 "Re: strlcpy vs strncpy", by Toby Thain 2010.07.11 14:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.10 13:39 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.11 08:18 "Re: strlcpy vs strncpy", by Albert Cahalan 2010.07.11 16:35 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.12 17:34 "Re: strlcpy vs strncpy", by Dmitry V Levin 2010.07.12 18:13 "Re: strlcpy vs strncpy", by Bob Friesenhahn 2010.07.08 16:25 "strlcpy vs strncpy", by Bob Friesenhahn I see that libtiff is using strncpy() as a safer strcpy() and strncat() as a safer strcat(). Unfortunately, strncpy() does include a significant design flaw which causes it still to be insecure unless additional care is taken. The problem occurs when the string to be copied exactly matches the buffer size, in which case the string will lack null termination. The strlcpy() (and strlcat) functions avoid this glitch by always assuring null termination. The return value of strl*() are also much more useful since it is easy to test if the string was truncated (and by how much). GraphicsMagick is using strlcpy() and strlcat() for secure string copies. I will be happy to contribute versions that I wrote myself for use in libtiff if libtiff choses to rely on these more secure functions. Libtiff should name the replacement functions differently in order to avoid any possible conflict/confusion with system provided versions, or versions from some dependent library or program. Bob -- Bob Friesenhahn bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ GraphicsMagick Maintainer, http://www.GraphicsMagick.org/

LibTiff Mailing List

Thread

2010.07.08 16:25 "strlcpy vs strncpy", by Bob Friesenhahn