Replace (most) strncpy calls w/ strlcpy

[nascheme]

BPO	595703
Nosy	@gvanrossum, @tim-one, @loewis, @nascheme
Files	strlcpy.c add_strlcpy.diff

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2002-08-16.02:42:21.000>
created_at = <Date 2002-08-15.19:27:57.000>
labels = ['interpreter-core']
title = 'Replace (most) strncpy calls w/ strlcpy'
updated_at = <Date 2002-08-16.02:42:21.000>
user = 'https://github.com/nascheme'

bugs.python.org fields:

activity = <Date 2002-08-16.02:42:21.000>
actor = 'tim.peters'
assignee = 'none'
closed = True
closed_date = None
closer = None
components = ['Interpreter Core']
creation = <Date 2002-08-15.19:27:57.000>
creator = 'nascheme'
dependencies = []
files = ['4516', '4517']
hgrepos = []
issue_num = 595703
keywords = ['patch']
message_count = 9.0
messages = ['40944', '40945', '40946', '40947', '40948', '40949', '40950', '40951', '40952']
nosy_count = 4.0
nosy_names = ['gvanrossum', 'tim.peters', 'loewis', 'nascheme']
pr_nums = []
priority = 'low'
resolution = 'rejected'
stage = None
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue595703'
versions = []

[nascheme]

I thought there as a bug or patch regarding this issue
but I can't find it now.

The Python interpreter has quite a few calls to
strncpy. Most of the calls intend to copy a string
without overflowing the destination buffer. strncpy is
ill suited for this purpose. It copies too much data
and does not guarantee that the destination string is
null terminated. strlcpy has been designed for this
purpose and should be used instead.

Since strlcpy is not available on all platforms I've
written a version that can be used if it is missing.
The BSD version unfortunately carries the annoying
advertising requirement so it can't be used.

Please review the strlcpy implementation. The patches
to change the interpreter to use it are coming.

[nascheme]

Logged In: YES
user_id=35752

Patch to make strlcpy available to the interpreter. No calls to
strncpy have been changed.

[tim-one]

Logged In: YES
user_id=31435

Neil, the patch you're thinking of is attached to this bug
tracker item:

[487703] Replace strcat, strcpy

We should close one of these guys as a duplicate. I
apologize for sitting on that bug for so long! It just hasn't
seemed a priority.

BTW, I expect this is so straightforward that you should just
check in appropriate changes at will.

[loewis]

Logged In: YES
user_id=21627

I'm strongly opposed to strlcpy. It's an invention that
serves no real purpose, and I hope it won't find its way
into Python.

Instead, it should be sufficient to review all calls to
strncpy for correctness. It *is* possible to use strncpy in
a safe way, and I suggest that the places where it is used
unsafely are corrected.

Since I'm with prejudice, I'm not really qualified to review
the patch.

[nascheme]

Logged In: YES
user_id=35752

See
http://www.usenix.org/events/usenix99/full_papers/millert/millert_html/
for a paper on strlcpy.

[nascheme]

Logged In: YES
user_id=35752

See bug 487703 for some more discussion. It seems
there is some controversy surrounding the strlcpy and
strlcat functions.

[nascheme]

Logged In: YES
user_id=35752

Oops, didn't mean to close this just yet.

[gvanrossum]

Logged In: YES
user_id=6380

Well, *I* say we ignore it.

[tim-one]

Logged In: YES
user_id=31435

Since Guido closed this again, based on his comment I
expect he intended to reject it, so changed Resolution to
Rejected.