r1168 - trunk/BOOK/chapter06

robert at linuxfromscratch.org
Sun Jun 17 05:19:01 PDT 2007


Author: robert
Date: 2007-06-17 06:19:01 -0600 (Sun, 17 Jun 2007)
New Revision: 1168

Modified:
   trunk/BOOK/chapter06/glibc.xml
Log:
rewrote the strlcpy/strlcat patch description, for glibc

Modified: trunk/BOOK/chapter06/glibc.xml
===================================================================
--- trunk/BOOK/chapter06/glibc.xml	2007-06-16 19:46:14 UTC (rev 1167)
+++ trunk/BOOK/chapter06/glibc.xml	2007-06-17 12:19:01 UTC (rev 1168)
@@ -140,21 +140,31 @@
 
 <screen role="blowfish"><userinput>patch -Np1 -i ../&glibc-blowfish-patch;</userinput></screen>
 
-    <para role="misc">This patch adds the strlcpy() and strlcat() functions which
-    are replacements for strncpy() and strncat(). There is a manual page in
-    <filename>manual/strlcpy.3</filename> after applying this patch. A paper
+    <para role="misc">This patch adds the <function>strlcpy</function> and
+    <function>strlcat</function> functions and manual pages to Glibc. A paper
     written about these functions is available here:
-    <ulink url="http://www.courtesan.com/todd/papers/strlcpy.html"/>. Glibc has
-    refused to add these functions, the mail tread starts here:
-    <ulink url="http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html"/>.
-    Linus Torvalds has added a similar function to the Linux kernel, to replace
-    strncpy(), and that thread is here:
-    <ulink url="http://lwn.net/Articles/33814/"/>. As you can see there is some
-    controversy concerning the strlcpy() and strlcat(), however they do result
-    in fewer buffer overflows overall, so they are recommended. This patch is
-    completely optional and requires no other effort to use. Many BLFS packages
-    will autoconfigure to use strlcpy() and strlcat() if they are found in
-    libc:</para>
+    <ulink url="http://www.courtesan.com/todd/papers/strlcpy.html"/>. The Glibc
+    project has refused to add these functions, and that mail tread starts
+    here: <ulink
+    url="http://sources.redhat.com/ml/libc-alpha/2000-08/msg00052.html"/>.
+    Linus Torvalds has added a similar function to the Linux kernel, and that
+    mail thread is here: <ulink url="http://lwn.net/Articles/33814/"/>. The
+    <function>strlcpy</function> and <function>strlcat</function> functions
+    are replacements for the <function>strncpy</function> and
+    <function>strncat</function>. The controversy of these functions is that
+    <function>strlcpy</function> and <function>strlcat</function> copy the
+    source data to the destination buffer until the destination is full, and
+    discards the rest of the data if there is any. This means that these
+    functions will never overflow. The basis for the Glibc team's refusal to
+    add these functions is that they silently hide programing errors, and
+    they have a higher performance hit than <function>strncpy</function> and
+    <function>strncat</function>. These functions should not be needed in a
+    perfect world, but were invented to deal with the real world. Many
+    packages will use these functions if they are found, such as Perl and
+    many BLFS packages. These functions do reduce buffer overflows, and so
+    they are recommended. After installing this patch no other effort is
+    needed to use it. Packages will use autotools to detect whether they are
+    available or not:</para>
 
 <screen role="misc"><userinput>patch -Np1 -i ../&glibc-strlcpy_strlcat-patch;</userinput></screen>
 
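Review bot: The added sentence "This means that these functions will never overflow" is stated more strongly than the rest of the paragraph supports. The preceding sentence says they copy "until the destination is full", which only holds when the caller passes the real size of the destination buffer, so I would word it as "will not write past the buffer size they are given". The same paragraph then says the functions "silently hide programing errors" without telling the reader how truncation can be noticed; since the old text's pointer to <filename>manual/strlcpy.3</filename> is dropped in this revision, consider keeping that reference so the reader knows where the return value is documented. Smaller points in the added lines: "mail tread" is carried over from the old text and should be "mail thread", "programing" should be "programming", "discards" should be "discard" to agree with "copy", and "replacements for the <function>strncpy</function> and <function>strncat</function>" needs either "functions" after it or the "the" removed.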



