Changes to clitar.c: strcpy to pstrcpy ?

Andrew Tridgell tridge at samba.anu.edu.au
Fri May 15 13:40:10 GMT 1998


> I notice that someone has carefully gone through clitar and changed every
> occurrence of strcpy to pstrcpy.

That was Jeremy :)

I didn't do it in the earlier security audit because the client can
never be a security hole (it runs without special privilages).

> I would prefer to use strncpy and strncat
> where needed, especially since I use dynamically allocated strings in clitar.

better to use strlcpy() and strlcat() instead of strncpy() and
strncat().

The problems with strncpy() are that:

1) it zero fills the whole buffer. This is slow.
2) it doesn't null terminate the string if there is an overflow!

Cheers, Andrew


More information about the samba-technical mailing list