safe_strcpy is unsafe

Jeremy Allison jeremy at varesearch.com
Wed Jan 19 22:01:04 GMT 2000


On Thu, Jan 20, 2000 at 08:27:05AM +1100, Michael Stockman wrote:
> safe_strcpy is not very safe. It seems that it writes 1 char longer
> than maxlen, which is bad if the buffer isn't that long. Example of
> bad but common usage:
> 
> pstring str;
> safe_strcpy( str, "Hello world", sizeof(str) );
> 
> This may cause a SIGSEGV!

Unfortunately safe_strcpy was designed to replace an
interface that expected maxlen not to include the terminating
zero (it explicitly says this in the interface definition).

I am not happy about it, but it was designed to fit into
the existing code (which was written to expect this property).

It is safe given its interface definition, just not very intuitive.

In the UNICODE Samba re-write I am fixing these bad assumptions.

Regards,

	Jeremy Allison,
	Samba Team.


More information about the samba-technical mailing list