Skip to content

Cleaning up some code.#273

Merged
jboeuf merged 1 commit intogrpc:masterfrom
nicolasnoble:memcpy
Jan 29, 2015
Merged

Cleaning up some code.#273
jboeuf merged 1 commit intogrpc:masterfrom
nicolasnoble:memcpy

Conversation

@nicolasnoble
Copy link
Copy Markdown
Contributor

@nicolasnoble nicolasnoble commented Jan 29, 2015

The correct thing to do here is to use memcpy instead of strncpy.

@nicolasnoble
Cleaning up some code.
a2a03d4 
The correct thing to do here is to use memcpy instead of strncpy.
@jboeuf
Copy link
Copy Markdown
Contributor

jboeuf commented Jan 29, 2015

I don't have an issue with the change but why is that more correct?

@nicolasnoble
Copy link
Copy Markdown
Contributor Author

nicolasnoble commented Jan 29, 2015

So, several things. But long story short, for all intend and purposes, what the code was doing is effectively a memcpy.

-) strncpy is used to copy a string with a max string limit - aka, you don't know in advance how many bytes you want to copy, but you know you don't want more than 'n' bytes to be copied. This isn't your case here: you know already how many bytes you have.
-) you've already done the strlen before - you know the input length, and strncpy is only going to re-test for the string '\0' at every char for quite no good reason.
-) you're at the max size of the string anyway, so you're in fact hitting the "bad behavior" of strncpy:

$ man strncpy
[...]
Warning: If there is no null byte among the first n bytes of src, the string placed in dest will not be null-terminated.

Some security-checker tools might start yelling at that, as doing a strncpy at its max, and not immediately adding a zero behind it is considered an obvious memory exploit.

-) for that bad behavior reason, strncmp is considered harmful, and shouldn't be used, unless you really know what you're doing. It's in fact flagged as depreciated under win32's libraries.

@jboeuf
Copy link
Copy Markdown
Contributor

jboeuf commented Jan 29, 2015

And I'm the security guy. hehe :). LGTM.

On Wed, Jan 28, 2015 at 7:05 PM, Nicolas Noble notifications@github.com
wrote:

So, several things. But long story short, for all intend and purposes,
what the code was doing is effectively a memcpy.

-) strncpy is used to copy a string with a max string limit - aka, you
don't know in advance how many bytes you want to copy, but you know you
don't want more than 'n' bytes to be copied. This isn't your case here: you
know already how many bytes you have.
-) you've already done the strlen before - you know the input length, and
strncpy is only going to re-test for the string '\0' at every char for
quite no good reason.
-) you're at the max size of the string anyway, so you're in fact hitting
the "bad behavior" of strncpy:

$ man strncpy
[...]
Warning: If there is no null byte among the first n bytes of src, the
string placed in dest will not be null-terminated.

Some security-checker tools might start yelling at that, as doing a
strncpy at its max, and not immediately adding a zero behind it is
considered an obvious memory exploit.

-) for that bad behavior reason, strncmp is considered harmful, and
shouldn't be used, unless you really know what you're doing. It's in fact
flagged as depreciated under win32's libraries.


Reply to this email directly or view it on GitHub
#273 (comment).

jboeuf added a commit that referenced this pull request Jan 29, 2015
@jboeuf
Merge pull request #273 from nicolasnoble/memcpy
59a1f61 
Cleaning up some code.
@jboeuf jboeuf merged commit 59a1f61 into grpc:master Jan 29, 2015
@jboeuf jboeuf deleted the memcpy branch January 29, 2015 03:17
@lock lock bot locked as resolved and limited conversation to collaborators Feb 2, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@jboeuf jboeuf

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nicolasnoble @jboeuf