Re: Changes to clitar.c: strcpy to pstrcpy ?

Andrew Tridgell (tridge@samba.anu.edu.au)
Fri, 15 May 1998 23:40:10 +1000

From:	Andrew Tridgell <tridge@samba.anu.edu.au>
To:	sharpe@ns.aus.com
Subject: Re: Changes to clitar.c: strcpy to pstrcpy ?
Message-Id: <19980515134021Z12587961-6168+219@samba.anu.edu.au>
Date:	Fri, 15 May 1998 23:40:10 +1000

> I notice that someone has carefully gone through clitar and changed every
> occurrence of strcpy to pstrcpy.

That was Jeremy :)

I didn't do it in the earlier security audit because the client can
never be a security hole (it runs without special privilages).

> I would prefer to use strncpy and strncat
> where needed, especially since I use dynamically allocated strings in clitar.

better to use strlcpy() and strlcat() instead of strncpy() and
strncat().

The problems with strncpy() are that:

1) it zero fills the whole buffer. This is slow.
2) it doesn't null terminate the string if there is an overflow!

Cheers, Andrew