[3477] in cryptography@c2.net mail archive
Re: Medium-term real fix for buffer overruns
daemon@ATHENA.MIT.EDU (Ted Lemon)
Wed Oct 14 23:31:25 1998
To: Phil Karn <karn@qualcomm.com>
cc: smb@research.att.com, gnu@toad.com, reinhold@world.std.com,
decius@ninja.techwood.org, cryptography@c2.net
In-Reply-To: Your message of "Wed, 14 Oct 1998 19:37:54 PDT."
<199810150237.TAA29923@servo.qualcomm.com>
Date: Wed, 14 Oct 1998 23:22:08 -0400
From: Ted Lemon <mellon@hoffman.vix.com>
> Good point. Arguably these functions should be expunged too, in favor
> of strncat, strncpy, etc.
These are really no better. And strcat/strcpy and friends can
actually be used safely. Even sprintf can be used safely. Whereas
if you simply naively assume that strncpy did the right thing, you can
introduce really nasty errors that way too.
> Perl is the first language I've found to be worth learning since I
> learned C in 1978. There are certainly *many* ugly things in Perl, but
> the automatic memory management is really quite nice.
Ooh, let's not get into a discussion about *that*. :')
_MelloN_
