[PATCH] Remove clobber_region() etc

Andrew Bartlett abartlet at samba.org
Tue Mar 22 01:16:03 MDT 2011

On Tue, 2011-03-22 at 08:01 +0100, Volker Lendecke wrote:
> On Tue, Mar 22, 2011 at 05:37:12PM +1100, Andrew Bartlett wrote:
> > We don't have pstrings any more, so the underlying risk has changed.
> > Has anyone found any bugs using this code in the past few years?
> I haven't. And, to be honest, I never really understood the
> reasoning behind those safe_strcpy things given that we have
> strlcpy these days. For me it's always a pain to follow the
> these safe_strcpy macros, so simplifying them is worthwile
> to me.
> > As such I propose to remove the clobber_region() calls and the extra
> > functions arguments they required.  What do others think?
> Fine by me.
> > (The compile-time macros still work, and as they found a bug only today,
> > I'm not inclined to remove them.)
> Can you explain what and how you found a bug? As I said,
> these safe_strcpy macros are pretty much a mystery to me.


The outcome of the incredible macros in safe_string.h is that if you

char cmdstring[200];
safe_strcpy(cmdstring, panic_action, sizeof(cmdstring));

This will fail to compile, until changed to:

char cmdstring[200];
safe_strcpy(cmdstring, panic_action, sizeof(cmdstring) -1);

The macro uses some really, really scary code - testing at configure
time that a function call will be optimised out and using the ? operator
to test an expression using sizeof() the first argument.  

Why exactly it wants it to be sizeof(x)-1 I'm not sure, but that showed
that the macro still works. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

More information about the samba-technical mailing list