[sr #107522] Use of dangerous/banned functions
Jeffrey Walton
INVALID.NOREPLY at gnu.org
Thu Nov 18 04:21:44 CET 2010
Follow-up Comment #6, sr #107522 (project gnutls):
Hi Simon,
This statement needs a little more elaboration:
> So the policy [which I prefer] is "secure, robust, efficient, and portable code."
== Secure ==
Here's the signature for a secure strcpy (less restricted pointers).
Obviously, the const on the pointers can be dropped but I prefer them until
otherwise.
Many folks don't care for it (especially if the function asserts), but it
fully specifies all parameters. It returns success, bad parameter, or
truncation.
errno_t safe_str_copy(char* const pDest, size_t nDest,
const char* const pSrc, size_t nSrc, size_t nCount);
== Robust ==
For "robust", the project will have to determine what to do. I personally
think perror/exit is the least desired combination. But sometimes it's all you
have.
== Efficient ==
Make one pass, do things in less than (or equal to) O(n), and turn to the
native ASM memcpy (which should already be done).
== Portable ==
Use wrappers and (a) strcpy_s or StringCbCopy on Microsoft (b) strlcpy on BSD
and Solaris, and (c) memcpy on GNU systems.
Jeff
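The following is an added example, not code from the message above or from the gnutls project, that fills in the signature Jeff gives with a body matching the three outcomes he describes (success, bad parameter, truncation) while keeping to the single-pass memcpy he asks for under "Efficient". errno_t is not ISO C, so it is typedef'd here; the return codes, the meaning of nCount (maximum characters to copy) and the rule that nCount may not exceed nSrc are assumptions of this example, as is the demo function and its constructed inputs.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* errno_t is a Microsoft/Annex K type, not ISO C; assumed typedef here. */
typedef int errno_t;

/* Assumed return codes: 0 = success, EINVAL = bad parameter,
   SAFE_STR_TRUNCATED = destination too small (output still NUL-terminated). */
#define SAFE_STR_OK        0
#define SAFE_STR_TRUNCATED 1

/* nDest:  size of the destination buffer in bytes (including the terminator).
   nSrc:   size of the source buffer in bytes; the copy never reads beyond it.
   nCount: maximum number of characters to copy (assumed meaning). */
errno_t safe_str_copy(char* const pDest, size_t nDest,
                      const char* const pSrc, size_t nSrc, size_t nCount)
{
    /* Bad parameter: null pointers, no room for a terminator, or a count
       larger than the source buffer the caller vouched for. */
    if (pDest == NULL || pSrc == NULL || nDest == 0 || nCount > nSrc)
        return EINVAL;

    /* Bounded length scan: stops at NUL or at nCount, never past pSrc[nSrc-1]. */
    size_t len = 0;
    while (len < nCount && pSrc[len] != '\0')
        len++;

    /* Leave one byte for the terminator; clamp to what fits. */
    size_t room = nDest - 1;
    size_t n = (len <= room) ? len : room;

    memcpy(pDest, pSrc, n);   /* single pass through the native memcpy */
    pDest[n] = '\0';          /* destination is always a valid C string */

    return (n < len) ? SAFE_STR_TRUNCATED : SAFE_STR_OK;
}

/* Exercises the three outcomes on constructed inputs; returns the number of
   cases that behaved as expected (5 when everything is right). */
int safe_str_copy_demo(void)
{
    char buf[8];
    int ok = 0;

    /* 1. fits: success and exact copy */
    if (safe_str_copy(buf, sizeof buf, "hello", 6, 5) == SAFE_STR_OK &&
        strcmp(buf, "hello") == 0)
        ok++;

    /* 2. a 4-byte destination holds 3 chars + NUL: truncated, still terminated */
    if (safe_str_copy(buf, 4, "hello", 6, 5) == SAFE_STR_TRUNCATED &&
        strcmp(buf, "hel") == 0)
        ok++;

    /* 3. caller asks for fewer characters than the source holds: not truncation */
    if (safe_str_copy(buf, sizeof buf, "hello", 6, 2) == SAFE_STR_OK &&
        strcmp(buf, "he") == 0)
        ok++;

    /* 4. null destination is a bad parameter; nothing is written */
    if (safe_str_copy(NULL, sizeof buf, "x", 2, 1) == EINVAL)
        ok++;

    /* 5. count exceeding the stated source size is a bad parameter */
    if (safe_str_copy(buf, sizeof buf, "x", 2, 3) == EINVAL)
        ok++;

    return ok;
}

int main(void)
{
    printf("%d of 5 cases behaved as expected\n", safe_str_copy_demo());
    return 0;
}
```

The truncation case is the one worth looking at: the destination is terminated and the caller gets a distinct code, so a wrapper built on strlcpy or strcpy_s (the "Portable" point) can map its platform's result onto the same three outcomes without callers having to inspect the buffer.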
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107522>