Usage of Secure C (memcpy_s, strcpy_s etc) functions on OpenSSL
Andrew Tucker
andrew.tucker at salesforce.com
Wed Nov 27 18:03:35 UTC 2019
Unless buffer is a char* instead of a char[] in which case its completely
wrong. A very common case among buggy C code.
On Wed, Nov 27, 2019 at 7:09 AM Phillip Susi <phill at thesusis.net> wrote:
>
> Michael Wojcik writes:
>
> > Some C experts have argued that the length-checking versions of the
> library functions, either the C90 ones such as strncat or the Appendix K
> ones, are essentially pointless anyway; that the caller needs to handle
> truncation and so ought to know whether truncation (or overflow) would
> occur before attempting the operation.
>
> Isn't this normally/easilly handled simply by passing sizeof( buffer ) -
> 1? Then the last byte is always \0 whether or not the copy was truncated.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20191127/ebe61e29/attachment.html>
More information about the openssl-users
mailing list