Purging of dangerous string functions

Contributed by jose on 2003-04-07 from the string-function-inquisition dept.

tony was one of a few to write:

"The OpenBSD team is currently purging the source of as many instances of dangerous string functions (strcpy, strcat, sprintf, etc) where they can. They will be replacing them with the the bounds-checking family of these functions (strlcat, strlcpy, snprintf, and asprintf) "where applicable."
Theo has asked everyone to help test the new code out when 3.4-snapshots become available.
MARCs archive of the email is here: Theo's Message "

The diffs between these files will be an excellent illustrative tool of how to migrate from functions that don't do bounds checking to ones that do. This is highly suggested reading for people that are interested in learning how to do this (because it's not always as simple as strcat() -> strlcat()).

(Comments are closed)

Comments

By Anonymous Coward () on 2003-04-07 02:55

3.4-snapshot? that's jumping the gun a bit. Those will be 3.3-current snapshots. 3.4 (if it's even called that) won't be in snapshot form for ~6 months when 3.4-beta is available, but, it could be 4.0 for all we know :)
Comments
1. By tony () tony@libpcap.net on 2003-04-07 03:14 http://libpcap.net
  
  Meh, you knew what I meant. ;)
  
  I was thinking pre 3.4 not post 3.3 which got me all clusterfscked. I meant 3.4 snapshots as in the releases before 3.4 for some reason. Ah well.
2. By Frollochy () on 2003-04-07 03:22
  
  Not exactly. Snapshots are just precompiled -current builds that they put together once in awhile and send out a call to testers. They can come as soon as a few days after -stable is released.
  Beta's are what come out and I believe they are essentially snapshots of -current that are created every so often after the code has been suspended for new features and they are bugtesting in preparation for the release.
  Comments
  1. By jolan () on 2003-04-07 10:26
    
    No.
    
    3.3-beta
    3.3
    3.3-current <-- we're here now
    3.4-beta
    3.4 <-- in ~6 months
    3.4-current
By Anonymous Coward () on 2003-04-07 05:22

It is official; Netcraft confirms:

str(cat|cpy) is dying. One more crippling bombshell hit the already beleaguered str* community when IDC confirmed that str market share has dropped yet again, now down to less than a fraction of 1 percent of all function calls...you get the idea :)
Comments
1. By Anonymous Coward () on 2003-04-07 08:42
  
  LOL
2. By Anonymous Coward () on 2003-04-07 09:25
  
  made me laugh my ass off :)
By Anonymous Coward () on 2003-04-07 08:59

That's strange. I thought that those functions were purged at the time when Todd added strl{cpy,cat} into the OpenBSD source (back when Todd and Theo published their USENIX paper). Guess I was wrong.
Comments
1. By Miod Vallat () miod@openbsd.org on 2003-04-07 16:47 mailto:miod@openbsd.org
  
  No, no, you are confusing with microbsd, who removed all calls to unsafe string functions ten years ago!
  
  (sorry... could not resist)
  Comments
  1. By Anonymous Coward () on 2003-04-08 02:18
    
    Narf!
By Anonymous Coward () on 2003-04-07 17:48

i think gcc optimizes these functions too
Comments
1. By mirabile () mirabile@bsdcow.net on 2003-04-07 19:18 http://MirBSD.BSDadvocacy.org/
  
  gcc is a shitload of crap and ought to be removed.
  Comments
  1. By Anonymous Coward () on 2003-04-07 21:44
    
    And replaced with?
    
    Comments
    
    By Anonymous Coward () on 2003-04-07 21:59
    
    just scared off
    
    By Anonymous Coward () on 2003-04-07 23:37
    
    OpenWatcom? (www.openwatcom.org)
    
    By Anonymous Coward () on 2003-04-08 00:43
    
    http://www.cs.bell-labs.com/sys/doc/comp.html once the license is sane.
    
    By awk fu () on 2003-04-08 00:46
    
    fortran!
    
    By Anonymous Coward () on 2003-04-09 06:08
    
    Intercal
2. By Anonymous Coward () on 2003-04-08 00:46
  
  In what sense? Strl* are definitely -not- in glibc, do you mean that gcc performs optimizations on the strl* functions during compile time then?
By Anonymous Coward () on 2003-04-08 00:59

I've never investigated the use of strlcat, strlcpy, etc myself, but is there any chance that replacing the old ANSI string invocations throughout the tree with strl* might introduce some new security flaws, even buffer overflows? Yes or absolutely not?
Comments
1. By tedu () on 2003-04-08 04:13
  
  if the bounds check is incorrect, using strlcpy won't help. but that's no worse off than no bounds check at all.
2. By Marc Espie () espie@openbsd.org on 2003-04-09 13:22 mailto:espie@openbsd.org
  
  Yep, there's a chance.
  
  However, this purge is done very carefully, and the code is replaced with clearer code. Those safe functions are just simpler to write code correctly for.
3. By Anonymous Coward () on 2003-04-10 22:11
  
  In addition to what Marc Espie said there's some gcc instrumentation being done that should catch most stupid errors using those functions.

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (10)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]