[Dnsmasq-discuss] Insecure function use
Albert ARIBAUD
albert.aribaud at free.fr
Fri Aug 30 10:58:29 BST 2013
Le 30/08/2013 11:52, microcai a écrit :
> 2013/8/30 Rosen Penev <rosenp at gmail.com>:
>> I did a git grep for strcat, strcpy, and sprintf and found numerous entries
>> in the codebase. Is there a specific reason for their use?
>
> Who told you strcat/strcpy/sprintf is not secure ?
> This is absolutely non-sense.
To be less binary -- if I may say so about software -- strcat, strcpy,
sprintf etc are not insecure *per se*, and strncpy for instance is not
any "more secure" *per* se*.
Uses of the functions, on the other hand, are secure or not depending on
a contextual analysis.
Rosen, did you analyze the uses of the functions beyond their mere
appearance as shown by a grep?
Amicalement,
--
Albert.
More information about the Dnsmasq-discuss
mailing list