[Asterisk-Dev] Is anyone thinking anymore?

Karl Brose khb at brose.com
Mon Jul 26 07:25:43 MST 2004


Naturally, the debate over the pros and cons of strcpy vs. strncpy, and 
sprintf vs snprintf and their various siblings in the group
is not new.
What is termed "defensive programming" here simply does not stand up to 
intellectual challenge, rather is an indication of doubt and insecurity.
There is no protection against someone messing up this or any other 
code, in fact with these changes you are giving an inexperienced coder 
even more chances to make errors.   The introduction of additional 
complexity brings additional problems.  The use of strncpy in the 
majority of cases turns out to be a bug in itself, as it can be (and 
should be) avoided with proper and simple techniques. This has been 
argued many times elsewhere. The performance penalty here is tremendous, 
but may seem trivial in this context.
Given the number of string copies with strncpy (.... -1 ) in asterisk, 
say chan_sip, I would challenge anyone to reliably tell me just how long 
strings end up in various places if they were close to the maximum 
sizes.  The only thing that's consoling is that buffers are mostly 
allocated well beyond their natural string sizes, all the more reason to 
avoid strncpy.


Peter Svensson wrote:

>On Sun, 25 Jul 2004, Karl Brose wrote:
>
>  
>
>>In recent CVS updates we can observe code changes (strangely called 
>>"source audits") such as those quoted below.
>>The old code is perfectly legal, stable, safe, technically sound, and 
>>readable.
>>    
>>
>
>Both of the changes below appear to be what one can call defensive 
>programming. Used consistently they reduce the risk of a future change 
>introducing an unintended behaviour such as a buffer overflow. For it to 
>have the best effect the rules the programmers are to follow need to be 
>available. 
>
>It is a trade-off between execution speed and the future cost of 
>maintenance. In C you as a programmer get somewhat less support for this 
>from the compiler than in some other languages.
>
>  
>
>>-       char ilimits[40];
>>-       char olimits[40];
>>+       char ilimits[40] = "";
>>+       char olimits[40] = "";
>>    
>>
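Review bot: the `= ""` initialisers on `ilimits` and `olimits` are the only thing that makes the later `strncpy(..., sizeof(x) - 1)` calls in this patch safe: C zero-fills the remainder of an array that has an initialiser, so byte 39 stays NUL whatever strncpy writes into the first 39. That dependency should be recorded in a comment next to the declarations, because a later edit that passes the full `sizeof(x)`, or that reuses the buffer after a copy of 39 or more bytes, silently loses the terminator.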
>
>[snip]
>
>  
>
>>-                       strcpy(ilimits, "N/A");
>>+                       strncpy(ilimits, "N/A", sizeof(ilimits) - 1);
>>    
>>
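Review bot: replacing `strcpy(ilimits, "N/A")` with `strncpy(ilimits, "N/A", sizeof(ilimits) - 1)` does not change safety on this line, since a 4-byte literal copied into a 40-byte array cannot overflow, but it does change cost: strncpy pads the remaining 35 bytes with NUL on every call. If the goal is a uniform idiom rather than this particular line, a copy helper that always writes the terminator and lets the caller detect truncation (`snprintf(ilimits, sizeof(ilimits), "%s", src)` or a strlcpy-style wrapper) is a better pattern than `sizeof - 1`, which only terminates because the buffer happened to be zeroed at declaration.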
>[snip]
>  
>
>>-                       strcpy(olimits, "N/A");
>>+                       strncpy(olimits, "N/A", sizeof(olimits) - 1);
>>    
>>
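Review bot: same point as for `ilimits`: `"N/A"` is a fixed 4-byte literal, so this strncpy adds only zero-padding. If the change is kept for consistency, use one terminating copy helper in both places so `ilimits` and `olimits` are handled identically and a reader does not have to check each call against its declaration.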
>
>Peter
>--
>Peter Svensson      ! Pgp key available by finger, fingerprint:
><petersv at psv.nu>    ! 8A E9 20 98 C1 FF 43 E3  07 FD B9 0A 80 72 70 AF
>------------------------------------------------------------------------
>Remember, Luke, your source will be with you... always...
>
>
>_______________________________________________
>Asterisk-Dev mailing list
>Asterisk-Dev at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-dev
>To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-dev
>
>  
>
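The disagreement above turns on two concrete questions: when does `strncpy(dst, src, sizeof(dst) - 1)` leave a terminated string, and how long does the string actually end up? The following is an added example, not Asterisk code and not from either poster; it uses a hypothetical 8-byte buffer (`LIMIT_SZ`) in place of the 40-byte `ilimits`/`olimits` arrays so the edge cases are visible, and `copy_string` is an illustrative strlcpy-style helper, not a function from the Asterisk tree.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Asterisk code: a hypothetical 8-byte buffer stands
 * in for the 40-byte ilimits/olimits arrays of the quoted patch. */
enum { LIMIT_SZ = 8 };

/* Is there a NUL somewhere in the first n bytes of buf? */
static int terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* The patched idiom, strncpy(dst, src, sizeof dst - 1), applied to a
 * buffer that was either zero-initialised (what the patch's `= ""` does)
 * or left holding garbage. Returns 1 if dst is a valid C string afterwards. */
int strncpy_minus1_terminates(const char *src, int zeroed)
{
    char dst[LIMIT_SZ];
    memset(dst, zeroed ? 0 : 'X', sizeof dst);   /* 'X' models an uninitialised stack buffer */
    strncpy(dst, src, sizeof dst - 1);
    return terminated(dst, sizeof dst);
}

/* Length the string ends up with after the patched idiom on a zeroed
 * buffer: strlen(src) when it fits, LIMIT_SZ - 1 when silently truncated. */
size_t strncpy_minus1_length(const char *src)
{
    char dst[LIMIT_SZ] = "";
    strncpy(dst, src, sizeof dst - 1);
    return strlen(dst);
}

/* How many bytes strncpy zero-pads when src is shorter than n: it always
 * writes exactly n bytes, which is the cost the post objects to. */
size_t strncpy_padding(const char *src)
{
    char dst[LIMIT_SZ];
    size_t n = sizeof dst - 1, i, zeros = 0;
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, n);
    for (i = 0; i < n; i++)
        if (dst[i] == '\0')
            zeros++;
    return zeros;
}

/* Illustrative helper: a copy that terminates no matter how dst was
 * initialised and that lets the caller detect truncation. The return value
 * is strlen(src), so a result >= dstsz means the string was cut. Same effect
 * as snprintf(dst, dstsz, "%s", src) without the format machinery. */
size_t copy_string(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src), m;
    if (dstsz == 0)
        return n;
    m = n < dstsz - 1 ? n : dstsz - 1;
    memcpy(dst, src, m);
    dst[m] = '\0';
    return n;
}

/* 1 if copying src into a LIMIT_SZ buffer via copy_string truncated it. */
int copy_string_truncated(const char *src)
{
    char dst[LIMIT_SZ];
    memset(dst, 'X', sizeof dst);   /* deliberately not zeroed */
    return copy_string(dst, sizeof dst, src) >= sizeof dst;
}

int main(void)
{
    printf("\"N/A\" into garbage, patched idiom: terminated=%d\n",
           strncpy_minus1_terminates("N/A", 0));
    printf("\"0123456789\" into garbage, patched idiom: terminated=%d\n",
           strncpy_minus1_terminates("0123456789", 0));
    printf("\"0123456789\" into zeroed, patched idiom: terminated=%d length=%zu\n",
           strncpy_minus1_terminates("0123456789", 1),
           strncpy_minus1_length("0123456789"));
    printf("strncpy zero-padding for \"N/A\": %zu bytes\n", strncpy_padding("N/A"));
    printf("copy_string truncated \"0123456789\": %d\n",
           copy_string_truncated("0123456789"));
    return 0;
}
```

The results line up with both posts: with the `= ""` initialiser the `sizeof - 1` idiom always terminates, but only because the last byte was zeroed before the copy; on an uninitialised buffer a source of 7 or more bytes leaves no terminator at all. For the short literal "N/A" the copy is already safe with strcpy, and strncpy's only contribution is writing the padding bytes. A helper that terminates unconditionally and returns the source length answers the "how long does it end up" question directly, since the caller can compare the return value with the buffer size.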



More information about the asterisk-dev mailing list