Usage of Secure C (memcpy_s, strcpy_s etc) functions on OpenSSL

Phillip Susi phill at
Wed Nov 27 14:59:35 UTC 2019

Michael Wojcik writes:

> Some C experts have argued that the length-checking versions of the library functions, either the C90 ones such as strncat or the Appendix K ones, are essentially pointless anyway; that the caller needs to handle truncation and so ought to know whether truncation (or overflow) would occur before attempting the operation.

Isn't this normally/easilly handled simply by passing sizeof( buffer ) -
1?  Then the last byte is always \0 whether or not the copy was truncated.

More information about the openssl-users mailing list