[6208] in bugtraq


Re: strcpy versus strncpy

daemon@ATHENA.MIT.EDU (Eivind Eklund)
Tue Mar 3 14:55:18 1998

Date: 	Tue, 3 Mar 1998 09:53:17 +0100
Reply-To: Eivind Eklund <eivind@YES.NO>
From: Eivind Eklund <eivind@YES.NO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199803030031.BAA09114@tyr.diku.dk>; from Morten Welinder on Tue,
              Mar 03, 1998 at 01:31:24AM +0100

On Tue, Mar 03, 1998 at 01:31:24AM +0100, Morten Welinder wrote:
> A recent article on BugTraq suggested that using strcpy should
> almost always be considered a bug.  That's not right.  It is,
> in fact, the wrong way around: strncpy is almost always a bug.
>
> True, strncpy will avoid buffer overruns, but that only proves
> that strncpy is better than incorrect use of strcpy.  The problem
> is that such use of strncpy can introduce problems of its own:

The correct function to use for avoiding buffer overruns would be
sancpy() - strcpy with abort on overflow.  Too bad nothing has the
function available at the moment - it is on the list of possible
enhancements for FreeBSD.  The same goes for sanprintf().

Eivind.
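
An added example, not part of the original post and not FreeBSD code: one way a "strcpy with abort on overflow" could look, next to what strncpy() does with the same oversized input. The sancpy() prototype (with an explicit destination size), the helper names, the 8-byte buffers and the sample string are all assumptions made for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical prototype (the post gives none); dstsize counts the NUL. */
char *sancpy(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (len >= dstsize)
        abort();                 /* fail closed: no overrun, no truncation */
    memcpy(dst, src, len + 1);   /* length checked above, NUL included */
    return dst;
}

/* Returns 1 if strncpy() left an 8-byte buffer without a terminating NUL. */
int strncpy_unterminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) == NULL;
}

/* Runs sancpy() into an 8-byte buffer in a child; 1 if it died by SIGABRT. */
int sancpy_aborts(const char *src)
{
    char dst[8];
    int status = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        sancpy(dst, sizeof dst, src);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void)
{
    const char *s = "constructed-input";   /* constructed sample, 17 chars */
    printf("%d %d\n", strncpy_unterminated(s), sancpy_aborts(s));
    return 0;
}
```

With the oversized input, strncpy() returns normally and leaves an unterminated buffer for later code to trip over, while sancpy() stops the process at the point of the mistake.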
