[sr #107522] Use of dangerous/banned functions

Jeffrey Walton INVALID.NOREPLY at gnu.org
Thu Nov 18 04:21:44 CET 2010

Follow-up Comment #6, sr #107522 (project gnutls):

Hi Simon,

This statement needs a little more elaboration:

> So the policy [which I prefer] is "secure, robust, efficient, and portable

== Secure ==

Here's the signature for a secure strcpy (less restricted pointers).
Obviously, the const on the pointers can be dropped but I prefer them until

Many folks don't care for it (especially if the function asserts), but if
fully specifies all parameters. It returns success, bad parameter, or

errno_t safe_str_copy(char* const pDest, size_t nDest,
    const char* const pSrc, size_t nSrc, size_t nCount);

== Robust ==

For "robust", the project will have to determine what to do. I personally
think perror/exit is the least desired combination. But sometimes it's all you

== Efficient ==
Make one pass, do things in less than (or equal to) O(n), and turn to the
native ASM memcpy (which should already be done).

== Portable ==
Use wrappers and (a) strcpy_s or StringCbCopy on Microsoft (b) strlcpy on BSD
and Solaris, and (c) memcpy on GNU systems.
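An added example, not code from this comment or from the GnuTLS project, of what the signature in the "Secure" section and the wrappers in the "Portable" section could look like in working C. The parameter meanings are assumptions (nDest is the destination buffer size, nSrc the source buffer size, nCount the maximum number of characters to copy), as is the third return code: the comment names success and bad parameter, and ERANGE for "source does not fit" is supplied here. The errno_t typedef and the platform macros used to pick strcpy_s versus strlcpy versus the memcpy path are also assumptions.

```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* errno_t comes from C11 Annex K or the Microsoft CRT; supply it elsewhere
 * (assumption: int is what those implementations use). */
#if !defined(__STDC_LIB_EXT1__) && !defined(_MSC_VER)
typedef int errno_t;
#endif

/* Fully specified copy: every buffer has a size, the source read is bounded
 * by nCount, and nothing is written past pDest[nDest - 1].
 * Returns 0 (success), EINVAL (bad parameter) or ERANGE (does not fit;
 * the ERANGE case is an assumption added here). */
errno_t safe_str_copy(char* const pDest, size_t nDest,
                      const char* const pSrc, size_t nSrc, size_t nCount)
{
    size_t len;

    /* Bad parameter: NULL pointers, no room at all, or a count that would
     * read past the end of the source buffer. */
    if (pDest == NULL || pSrc == NULL || nDest == 0 || nCount > nSrc)
        return EINVAL;

    /* One pass over at most nCount source bytes to find the terminator. */
    for (len = 0; len < nCount && pSrc[len] != '\0'; len++)
        ;

    /* Need len characters plus the terminating NUL in the destination. */
    if (len >= nDest) {
        pDest[0] = '\0';        /* leave a valid (empty) string behind */
        return ERANGE;
    }

    memcpy(pDest, pSrc, len);   /* libc memcpy: native ASM on GNU systems */
    pDest[len] = '\0';
    return 0;
}

/* Portable wrapper in the spirit of the "Portable" section: strcpy_s on
 * Microsoft, strlcpy on BSD and Solaris, the memcpy-based routine above
 * elsewhere. src must be NUL-terminated, as with strcpy_s/strlcpy. */
errno_t portable_str_copy(char* dest, size_t dest_size, const char* src)
{
#if defined(_MSC_VER)
    return strcpy_s(dest, dest_size, src);
#elif defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__sun)
    if (dest == NULL || src == NULL || dest_size == 0)
        return EINVAL;
    return strlcpy(dest, src, dest_size) < dest_size ? 0 : ERANGE;
#else
    size_t n;
    if (src == NULL)
        return EINVAL;
    n = strlen(src);
    return safe_str_copy(dest, dest_size, src, n + 1, n);
#endif
}
```

Callers check the return value instead of trusting that the copy happened; on ERANGE the destination is a valid empty string rather than a partially copied, unterminated one.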


