Re: [hackers-il] origins of strncpy
> Down to business. Why keep the parentheses? Please feel free to give
> either stylistic or security-oriented arguments.
more parentheses -> more clarity -> less confusion.
it's easier to write and audit code when you can
clearly see what it does. it's style that should be
kept throughout the code; not sizeof-specific, but
consistency is also important. :)
> A nice idea when you are starting a project from scratch. I dislike
> introducing non-standard (as strlcpy()/strlcat() regrettably are)
> functions to an existing project due to their non-self-descriptiveness
> as compared to use of known functions.
you dislike, but you do what's best for the users. the
developers can live with a "i just added strlcpy and
strlcat, man-page is at [url], use them". users don't
trust software with a bad security history... (imho)
> Allow me to tap into your fullofitness, then. Perhaps your Google is
> not my Google, but if you're aware of an snprintf()-avoiding
> technique, I'd like to hear about it. The only one I'm aware of
> involves I/O.
i meant "search for [quote] no snprintf [unquote] on
google for the solutions other people used in such a
situation, as you're obviously not the first, and win32
is definitely not an obscure OS as some exotic others.
> I thought MSDN search for "snprintf" would give me at least a parallel
> answer. I should not have been so optimistic.
yeah, i'm aware of how poor MSDN is. however,
the above-described google search plus the word
win32 will give you some enlightening results.
...and i hear microsoft has a new book about secure
programming? did you try it?
--- Elad Efrat <elad@...> wrote:
>Since when Guy Keren is microsoft? A link to MSDN
> > > In light of the above, Guy's advice sounds
> > > reasonable, modulo s/char/TCHAR/g.
> > No no... That's the whole point... sizeof should refer to the
> > _variable_, not to the _type_. I said that if wchar use is an
> > option, then it even makes sense to sizeof a character array item.
> > But _types_ should not be sizeof'd this way, because the result is
> > no better than well-documented constants.
> i thought we already agreed on this. are we not
> programming advices from microsoft? :)
was only to illustrate how UCS2 can be character
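An added illustration of two points argued in this thread, not code from any of the posters: taking sizeof of the destination variable rather than a type or constant, and shipping a local strlcpy()-style function in a project whose libc lacks one. The names my_strlcpy, COPY_TO_ARRAY, struct account and set_name are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical local helper with strlcpy() semantics (strlcpy is not in
 * ISO C, so a project that wants it has to carry its own copy). Copies at
 * most dstsize-1 bytes, always NUL-terminates when dstsize > 0, and returns
 * strlen(src) so the caller can detect truncation. */
size_t my_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = (srclen < dstsize - 1) ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* sizeof is applied to the array variable, so the bound follows the
 * declaration if the buffer is later resized. Only valid where dst is a
 * true array, not a pointer. Evaluates to 1 if src fit, 0 if truncated. */
#define COPY_TO_ARRAY(dst, src) \
    (my_strlcpy((dst), (src), sizeof(dst)) < sizeof(dst))

struct account {
    char name[8];   /* constructed sample layout */
    int  is_admin;  /* neighbouring field that must stay untouched */
};

/* Returns 1 if the name fit, 0 if it was truncated. */
int set_name(struct account *a, const char *name)
{
    return COPY_TO_ARRAY(a->name, name);
}

/* Contrast: strncpy() with the same bound leaves the buffer without a
 * terminator when src has sizeof(buf) or more bytes.
 * Returns 1 if a NUL is present in buf afterwards, 0 otherwise. */
int strncpy_terminated(const char *src)
{
    char buf[8];
    strncpy(buf, src, sizeof(buf));
    return memchr(buf, '\0', sizeof(buf)) != NULL;
}
```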