
Re: Unchecked sprintf/strcat?



Hi,

* TAKAHASHI Tamotsu [06-05-29 22:31:12 +0900] wrote:
* mon may 29 2006 thomas roessler <roessler@xxxxxxxxxxxxxxxxxx>
return an int like in snprintf if all you want to do is know
more about how much safe_strfcat copied.  if you want to be
able to use the result of safe_strfcat in other string
operations, return a pointer to the destination string.

Good. I can simply use OpenBSD's strlcat.
(That needs a few lines in configure.ac.)
Anyway, the current code doesn't use the return value at all.

That's a bad idea due to a license clash.

I honor your effort to make mutt more secure/robust with the arbitrary input we get... but: can you summarize in a short sentence what is wrong with the current code?

In some edge cases, our buffer sizes may be too small and we get truncation which may lead to more unexpected results. Which is bad, I agree. But I doubt it'll be worth it to check every single call of string operations...

  bye, Rocco
--
:wq!
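The return-value convention Thomas describes above (an snprintf-style count, so the caller can see whether the buffer was too small and the result got truncated) as an added C example; this is not mutt's code, and safe_strfcat, append_checked and build_path are hypothetical names chosen for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical strlcat-style concatenation (not mutt's safe_strfcat).
 * Returns the length the full string would have had, strlen(dst) +
 * strlen(src), so a result >= dstsize means truncation, exactly the
 * snprintf-style convention discussed in the thread. */
size_t safe_strfcat(char *dst, const char *src, size_t dstsize)
{
    size_t dlen = 0;
    size_t slen = strlen(src);
    size_t room, n;

    /* Find the current end of dst without reading past dstsize */
    while (dlen < dstsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dstsize)            /* dst not NUL-terminated: copy nothing */
        return dstsize + slen;

    room = dstsize - dlen - 1;      /* bytes free before the terminating NUL */
    n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Uses the return value the way the current code does not:
 * 1 if src fit entirely, 0 if the result was truncated. */
int append_checked(char *dst, const char *src, size_t dstsize)
{
    return safe_strfcat(dst, src, dstsize) < dstsize;
}

/* Builds "dir/file" in a fixed-size buffer (outsize must be >= 1).
 * A short path fits; a path longer than the buffer is clipped and the
 * caller is told (return 0) instead of silently using a wrong name. */
int build_path(char *out, size_t outsize, const char *dir, const char *file)
{
    out[0] = '\0';
    return append_checked(out, dir, outsize)
        && append_checked(out, "/", outsize)
        && append_checked(out, file, outsize);
}
```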