Bugtraq mailing list archives

Re: strcpy versus strncpy

From: eivind () YES NO (Eivind Eklund)
Date: Tue, 3 Mar 1998 09:53:17 +0100


On Tue, Mar 03, 1998 at 01:31:24AM +0100, Morten Welinder wrote:

A recent article on BugTraq suggested that using strcpy should
almost always be considered a bug.  That's not right.  It is,
in fact, the wrong way around: strncpy is almost always a bug.

True, strncpy will avoid buffer overruns, but that only proven
that strncpy is better than incorrect use of strcpy.  The problem
is that such use of strncpy can introduce problems of its own:


The correct function to use for avoiding buffer overruns would be
sancpy() - strcpy with abort on overflow.  Too bad nothing have the
function available at the moment - it is on the list of possible
enhancements for FreeBSD.  The same goes for sanprintf().

Eivind.

Current thread:

Re: strcpy versus strncpy, (continued)
- - Re: strcpy versus strncpy Joe Zbiciak (Mar 02)
- Re: strcpy versus strncpy Daniel Reed (Mar 02)
  - Re: strcpy versus strncpy Kragen (Mar 03)
    - Re: strcpy versus strncpy Wietse Venema (Mar 03)
  - Re: strcpy versus strncpy pedward () WEBCOM COM (Mar 03)
- Re: strcpy versus strncpy Aleph One (Mar 02)
- Re: strcpy versus strncpy sinster () DARKWATER COM (Mar 02)
  - Re: strcpy versus strncpy Nick Maclaren (Mar 03)
  - Re: strcpy versus strncpy Mark Walker (Mar 03)
- updatedb: sort patch Michael Ballbach (Mar 02)
- Re: strcpy versus strncpy Eivind Eklund (Mar 03)
- Vulnerabilites in some versions of info2www CGI Niall Smart (Mar 03)
- Universal Wrapper Willy TARREAU (Mar 03)
- Re: strcpy versus strncpy Victor Lavrenko (Mar 03)
- Re: strcpy versus strncpy Chris L. Mason (Mar 03)
  - Re: strcpy versus strncpy Mark Whitis (Mar 04)
- Re: strcpy versus strncpy Andy Church (Mar 02)
- Re: strcpy versus strncpy Edwin Li-Kai Liu (Mar 03)
- Re: strcpy versus strncpy Ben Laurie (Mar 03)
- Re: strcpy versus strncpy Chris L. Mason (Mar 03)
- Re: strcpy versus strncpy der Mouse (Mar 04)

(Thread continues...)