Where is strnlen() ?
Kris Kennaway
kris at obsecurity.org
Wed Aug 11 13:03:27 PDT 2004
On Wed, Aug 11, 2004 at 07:32:54PM +0000, Thordur Ivar B. wrote:
> While porting software from a friend wich was developed under Linux, I stumbled
> upon an error: src/socket.c:236: warning: implicit declaration of function
> `strnlen'
>
> Now my programming experience is nothing to brag about but I wonder why strnlen
> is not a part of FreeBSD's libc. I think that the use of strlen() insted of
> strnlen() could resault in buffer-overflow risks and my fellows (most of them
> are more experienced in the art of programming say that bounds checking is
> always good.)
That's not a standard function outside the Linux world, and it's not
very necessary for security..no matter how you calculate the string
size, you still have to have your brain engaged when you copy it into
the destination buffer.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20040811/578707ba/attachment.bin
More information about the freebsd-hackers
mailing list