From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=IKYA=75=gmail.com=alx.manpages@sourceware.org>
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com [IPv6:2a00:1450:4864:20::334])
	by sourceware.org (Postfix) with ESMTPS id E91683858D28
	for <libc-alpha@sourceware.org>; Thu,  6 Apr 2023 22:19:46 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E91683858D28
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
Received: by mail-wm1-x334.google.com with SMTP id n10-20020a05600c4f8a00b003ee93d2c914so25925130wmq.2
        for <libc-alpha@sourceware.org>; Thu, 06 Apr 2023 15:19:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112; t=1680819584; x=1683411584;
        h=in-reply-to:from:references:to:content-language:subject:user-agent
         :mime-version:date:message-id:from:to:cc:subject:date:message-id
         :reply-to;
        bh=PUjjME2Zt+QSjmRnVJQ9yaOlgnbpRqa774NNAkzAvNY=;
        b=l+mQ2PQmOhNMxYkJ1HGQVKzNBR/8bBfPMMLPD0aOsC/dcU9rEQXzpr+Y6wz+Sdb3SA
         YmjD7kRHJxpTDX1qcmeGRpZomxuzbw5v7dVoZJPnuyjNmNRdTb7HLFHGZa5tdSi1o5kK
         XkYiszgMAboi5qJbEoOlKP6qUjahnTmb+N0FLwXoHK0etAG8AsRnSkGIdspQBzBiNnug
         /YmfB3+lyCeWIaxOh5rHasMf+Ry/nliQ1kz6KESKANL+jk/2EIYh6MApwHSB0xGydGRb
         OFQkDCZY/CtNMXhuJrrpYZiQj4AEuv42jmDyT9P8Jdu+7yalZsLpdyMAUHcnKSJcMWTI
         D87g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1680819584; x=1683411584;
        h=in-reply-to:from:references:to:content-language:subject:user-agent
         :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject
         :date:message-id:reply-to;
        bh=PUjjME2Zt+QSjmRnVJQ9yaOlgnbpRqa774NNAkzAvNY=;
        b=gWeLK/twcWiwdeVRvY13MYVOQ4axSoZ5zKq3biQwBNKPn8ye057jKxgmjn5bftp0a2
         HosIznH4wLlvKk/VyKH6Qj6qvaBNK0sBjNnU3m4FEnZMbVLeGcE6DLYPY2pv6DMeRugi
         zGeJUPX5ajilBlF9VzlDp5NuVTuebUn7zMLyhpxuVBsZOrR/gOwFHeSX7CdPTYHiPam5
         kRwdjQ/vGSwsaFSqhWxPH80rsR1rrlJEg1ETRIgvrIWsH7+3c3bRENc19UidXBKs77Pb
         1RZ94H+AI8sleWL9Z6yL7Fky4U2yQUhECeAsCGoimCnq9SPuuvJEcMsX4MZ4rs/vGU80
         b2zg==
X-Gm-Message-State: AAQBX9fQRQyaonq53LPFpyOFS7h9V9aWc1BD8aeH4ocPw2IWnhz0X0VD
	lgyzuLzfSxyh2MZbt9Pod5k=
X-Google-Smtp-Source: AKy350aziQFH0TdihM+3Bz/ItsIwVyktNkjsA1ctvRM8fyjaV7h3pEsr7IN1Q3UX6v5OJdxrqQbsEQ==
X-Received: by 2002:a7b:c4d8:0:b0:3eb:2e1e:beae with SMTP id g24-20020a7bc4d8000000b003eb2e1ebeaemr8112564wmk.25.1680819584557;
        Thu, 06 Apr 2023 15:19:44 -0700 (PDT)
Received: from [192.168.0.160] ([170.253.51.134])
        by smtp.gmail.com with ESMTPSA id b5-20020adfee85000000b002c557f82e27sm2775059wro.99.2023.04.06.15.19.43
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Thu, 06 Apr 2023 15:19:44 -0700 (PDT)
Message-ID: <af0e8577-4a15-d26a-d04d-31e189f8d0c3@gmail.com>
Date: Fri, 7 Apr 2023 00:19:43 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.1
Subject: Re: [PATCH 1/2] Implement strlcpy and strlcat [BZ #178]
Content-Language: en-US
To: Florian Weimer <fw@deneb.enyo.de>,
 Alejandro Colomar via Libc-alpha <libc-alpha@sourceware.org>
References: <cover.1680693362.git.fweimer@redhat.com>
 <f2b8dcd6c84557b79f1398c0ca3e55d0f3b10584.1680693362.git.fweimer@redhat.com>
 <8513afd6-e276-05d5-bc4c-0722de71e0af@gmail.com>
 <87fs9cn171.fsf@mid.deneb.enyo.de>
From: Alejandro Colomar <alx.manpages@gmail.com>
In-Reply-To: <87fs9cn171.fsf@mid.deneb.enyo.de>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------wz01hleOBwomegIdLrXzRMyb"
X-Spam-Status: No, score=-5.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-alpha.sourceware.org>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------wz01hleOBwomegIdLrXzRMyb
Content-Type: multipart/mixed; boundary="------------ZOGfLIkTuoa2IMNR0MNAYVVV";
 protected-headers="v1"
From: Alejandro Colomar <alx.manpages@gmail.com>
To: Florian Weimer <fw@deneb.enyo.de>,
 Alejandro Colomar via Libc-alpha <libc-alpha@sourceware.org>
Message-ID: <af0e8577-4a15-d26a-d04d-31e189f8d0c3@gmail.com>
Subject: Re: [PATCH 1/2] Implement strlcpy and strlcat [BZ #178]
References: <cover.1680693362.git.fweimer@redhat.com>
 <f2b8dcd6c84557b79f1398c0ca3e55d0f3b10584.1680693362.git.fweimer@redhat.com>
 <8513afd6-e276-05d5-bc4c-0722de71e0af@gmail.com>
 <87fs9cn171.fsf@mid.deneb.enyo.de>
In-Reply-To: <87fs9cn171.fsf@mid.deneb.enyo.de>

--------------ZOGfLIkTuoa2IMNR0MNAYVVV
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 4/6/23 23:35, Florian Weimer wrote:
> NetBSD says this:
>=20
> | Note however, that if strlcat() traverses size characters without
> | finding a NUL, the length of the string is considered to be size and
> | the destination string will not be NUL-terminated (since there was
> | no space for the NUL).  This keeps strlcat() from running off the
> | end of a string.  In practice this should not happen (as it means
> | that either size is incorrect or that dst is not a proper ``C''
> | string).  The check exists to prevent potential security problems in
> | incorrect code.
>=20
> <https://man.netbsd.org/strlcat.3>
>=20
> OpenBSD alludes to this as well:
>=20
> | strlcat() appends string src to the end of dst. It will append at
> | most dstsize - strlen(dst) - 1 characters. It will then
> | NUL-terminate, unless dstsize is 0 or the original dst string was
> | longer than dstsize (in practice this should not happen as it means
> | that either dstsize is incorrect or that dst is not a proper
> | string).
>=20
> <https://man.openbsd.org/strlcat>
>=20
> So I think we should be calling strnlen here.  If we call strlen
> instead, we'd have to bound the result.

AFAIR, the design behind strlcpy(3) and cat(3) was that they would
intentionally overrun the buffers (read-only) to force crashes as
much as possible, which would uncover bugs in the code, rather than
silently continuing.  Don't know why they changed that.  Since it's
just reading the string without writing to it, I don't think anything
worse than a crash could possibly happen.

Cheers,
Alex

>=20
> Thanks,
> Florian

--=20
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

--------------ZOGfLIkTuoa2IMNR0MNAYVVV--

--------------wz01hleOBwomegIdLrXzRMyb
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIFAmQvRX8ACgkQnowa+77/
2zIcuA//UUF8R7PK8WrV5wMVjXHloaZJec8Ft8+ped3QLnhtbLobMOIbhsEkrDkp
Uk0HvzND0XXsTT8EBsc/aoxeAQTmT3yOQMSqrhTNBsYGBwF1o140H561l3wB0pv/
XLgLicjGmvkVoNB8eaFjh5dBSEhuQ6Fadv4vpbQ1BgHKqPdwMU38yHRFCiip6/oI
PSLcTQ6teIeA9GQFyqzTxdJXCphYNOQKs+6R/OSFC275winuf1AM+sOvLZxe14X6
Qnocu843guJeq5hb9VsJCmZpgQhq7pKnygIayEOszw3kPk5ZraS5gkrwy1Yyvo3o
9Ll5Ts4wFyqpCN/QrodBr/oyblxGTfr6RF6Whrbo5ZpkZKE2Ww6hBVrgYEXty1kV
OPbyfHae6JZaM3WXJpqQ6OFagHX4P5aju0aMoIp2iImW2/H0hVfBoa1l2sEKrrrJ
q5plWPWdDZZFef/eHu7JjacTQbaqqC/LQ4726IE8PXpQrUg1IESBycLa12CHC4Ch
k7JvUcXxgSDyL/943xjlHxC/4MKB0/348sSZhwqxQZjRkCMQQ+t+DdiVV33rJiPo
d9NY1RTgz+CtKsbDpCU7gzmJwxhY0Vy8ykLZhcRBDL/uwklnvwqVJ5YG5a5F3upw
QYEU9qglD13MHHkGDET8hvdQkMYDV4fhmHZNQPbuGAMxQJTshSk=
=xVu2
-----END PGP SIGNATURE-----

--------------wz01hleOBwomegIdLrXzRMyb--