[jira] Commented: (TS-369) Add safer strlcat, strlcpy functions instead strncat, strncpy ones

["Leif Hedstrom (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/TS-369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12872838#action_12872838 ] 

Leif Hedstrom commented on TS-369:
----------------------------------

Please commit the additions of these new APIs, so we can start transitioning to them. At least then we can "fix" code as we see it, and new code can start using the BSD style APIs.

Btw, are there any "licensing" issues with the implementations of these APIs? Are they from BSD? I don't see any attribution anywhere in the patch? Before committing, please make sure we have the appropriate license, if necessary (if they have their own license, maybe even more the functions out of ink_string.cc, I think the custom at ASF is to not dual-license code unless necessary).

> Add safer strlcat, strlcpy functions instead strncat, strncpy ones
> ------------------------------------------------------------------
>
>                 Key: TS-369
>                 URL: https://issues.apache.org/jira/browse/TS-369
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Mladen Turk
>            Assignee: Mladen Turk
>            Priority: Minor
>             Fix For: 2.1.1
>
>         Attachments: strlfn.patch
>
>
> Currently we are using strncpy and strncat set of functions and their more secure ink_strncat, ink_strncpy versions that
> make the string is NUL terminated.
> Since we are mostly operating on stack buffers of known size use BSD str "l" variants that use total length of
> destination string as maximum number of chars to copy instead remaining of the string.
> This makes code more secure because one doesn't need to subtract already consume buffer

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.