safe_strcpy is unsafe
jeremy at varesearch.com
Wed Jan 19 22:01:04 GMT 2000
On Thu, Jan 20, 2000 at 08:27:05AM +1100, Michael Stockman wrote:
> safe_strcpy is not very safe. It seems that it writes 1 char longer
> than maxlen, which is bad if the buffer isn't that long. Example of
> bad but common usage:
> pstring str;
> safe_strcpy( str, "Hello world", sizeof(str) );
> This may cause a SIGSEGV!
Unfortunately safe_strcpy was designed to replace an
interface that expected maxlen not to include the terminating
zero (it explicitly says this in the interface definition).
I am not happy about it, but it was designed to fit into
the existing code (which was written to expect this property).
It is safe given its interface definition, just not very intuitive.
In the UNICODE Samba re-write I am fixing these bad assumptions.
More information about the samba-technical