Ethereal-dev: Re: [Ethereal-dev] strcpy harmful, what?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Andrew Hood <ajhood@xxxxxxxxx>
Date: Sat, 22 Oct 2005 17:59:46 +1000
LEGO wrote:
> On 10/21/05, Rich Coe <Richard.Coe@xxxxxxxxxx> wrote:
> 
>>I think that replacing strcpy with a library function that (eventually)
>>calls strcpy (strncpy) a pointless, stupid exercise.
>>
>>It's slower and error prone.
> 
> 
> Reading from what you say it appears to me that you might are not
> aware of what a buffer overflow is. How they happen and why they are
> to be avoided. So in order to explain you why we use g_strncpy we have
> to explain the concepts of buffer overflow and malicious data.

-- snipage has occurred --

I believe the original posting said g_snprintf. Replacing copy with
printf would be crazy. How would you copy strings you knew contained
formatting strings?

I don't see why replacing strcpy with strncpy, strcat with strncat, and
 so on is not adequate.

If the answer is that these are not available on all platforms, then you
do the same thing other projects have done. Include one of the already
open sourced implementations.

Although I suppose g_strncpy must already have its own implementation
for those platforms.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who