Why are strlcpy and strlcat considered insecure?

前端 未结 7 1040
一整个雨季
一整个雨季 2020-11-22 05:49

I understand that strlcpy and strlcat were designed as secure replacements for strncpy and strncat. However, some people

7条回答
  •  醉话见心
    2020-11-22 06:38

    I think Ulrich and others think it'll give a false sense of security. Accidentally truncating strings can have security implications for other parts of the code (for example, if a file system path is truncated, the program might not be performing operations on the intended file).

提交回复
热议问题