[PATCH] Remove clobber_region() etc

Andrew Bartlett abartlet at samba.org
Tue Mar 22 04:23:23 MDT 2011


On Tue, 2011-03-22 at 19:32 +1100, Andrew Bartlett wrote:
> On Tue, 2011-03-22 at 08:27 +0100, Volker Lendecke wrote:

> > 
> > That's scary indeed. And Coverity does not like it. I think
> > strlcpy is a much better API which is a lot less
> > error-prone. I see the point to check if the target is the
> > right size, but strcpy from my point of view could just go
> > away.
> 
> Why does Coverity not like it?  The weird macro stuff can be avoided as
> long as their compile doesn't define
> HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
> 
> > Just brainstorming: Is it possible to have a macro around
> > strlcpy that finds the target size automatically and is only
> > usable for static or stack-allocated arrays?
> 
> I certainly think I could add a checked_strlcpy().  We could use it
> alongside strlcpy(), with the developer choosing to use the checked or
> unchecked variant, rather than the compiler guessing. 
> 
> The big advantage of this is that the semantics would be well defined,
> being only checks in addition to strlcpy(), and we would not abuse the
> 'safe' prefix that we keep adding to functions that can still be quite
> unsafely used.
> 
> (a grep of the tree for safe_strcpy() shows a scary number of calls to
> strlen() and similar things - these may all be perfectly OK, but
> illustrates that calling a macro or function 'safe' doesn't make the
> unsafe safe). 

Attached are my revised patches, before I call it a night.  I think I've
made the safe_string.h functions easier to handle.

I've also added the checked_strlcpy(), but once you start looking there
are precious few places we can use it.  Even the example I converted to
show it works should be rewritten - it shows why the clobber_region just
caused trouble and as far as I can see should have been just
push_ascii()...

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
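
The macro idea discussed in this thread (a strlcpy() wrapper that finds the target size itself and only accepts real arrays), sketched as an added illustration; it is not the code from the attached Samba patches. All `ex_`/`EX_` names are hypothetical, and the array check assumes the GCC/Clang extensions `__builtin_types_compatible_p` and `__typeof__`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for strlcpy() (glibc older than 2.38 does not ship one).
 * Copies at most size-1 bytes, always NUL-terminates, returns strlen(src). */
static size_t ex_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = (len < size - 1) ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Evaluates to 0 when `a` is a true array. When `a` is a pointer, its type
 * matches &(a)[0], the bit-field width becomes -1 and compilation fails. */
#define EX_MUST_BE_ARRAY(a) \
    (0 * sizeof(struct { int not_an_array : \
        1 - 2 * __builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0])); }))

/* The destination size comes from sizeof(dst), never from the caller. */
#define ex_checked_strlcpy(dst, src) \
    ex_strlcpy((dst), (src), sizeof(dst) + EX_MUST_BE_ARRAY(dst))

struct ex_record {
    char name[8];
    char canary;   /* sits after name[]; must survive an over-long copy */
};

/* Returns 1 if src was truncated to fit r->name, 0 if it fit. */
static int ex_copy_name(struct ex_record *r, const char *src)
{
    r->canary = 'C';
    return ex_checked_strlcpy(r->name, src) >= sizeof(r->name);
}

int main(void)
{
    struct ex_record r;
    int cut = ex_copy_name(&r, "much-too-long-name");
    printf("truncated=%d name=\"%s\" canary=%c\n", cut, r.name, r.canary);
    /* char *p = r.name; ex_checked_strlcpy(p, "x");   <- rejected at compile time */
    return 0;
}
```

Because the wrapper refuses `char *` destinations, it cannot be used on heap buffers or on arrays that have decayed to a pointer parameter.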

