From: Andrew Tridgell <tridge@samba.anu.edu.au> To: sharpe@ns.aus.com Subject: Re: Changes to clitar.c: strcpy to pstrcpy ? Message-Id: <19980515134021Z12587961-6168+219@samba.anu.edu.au> Date: Fri, 15 May 1998 23:40:10 +1000
> I notice that someone has carefully gone through clitar and changed every
> occurrence of strcpy to pstrcpy.
That was Jeremy :)
I didn't do it in the earlier security audit because the client can
never be a security hole (it runs without special privilages).
> I would prefer to use strncpy and strncat
> where needed, especially since I use dynamically allocated strings in clitar.
better to use strlcpy() and strlcat() instead of strncpy() and
strncat().
The problems with strncpy() are that:
1) it zero fills the whole buffer. This is slow.
2) it doesn't null terminate the string if there is an overflow!
Cheers, Andrew