#1122 closed Enhancement (wontfix)
Avoid strcpy with variable arguments
| Reported by: | SteffenMoeller | Owned by: | davea |
|---|---|---|---|
| Priority: | Trivial | Milestone: | Undetermined |
| Component: | BOINC - API | Version: | 6.13.1 |
| Keywords: | security | Cc: |
Description
This should all become strncpy. The typical 255+1 for wu, server and many other names just are exceeded all too easily.
Attachments (1)
Change History (3)
Changed 13 years ago by
| Attachment: | ConstantsForHeaderFiles.patch added |
|---|
comment:1 Changed 13 years ago by
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
What class of bugs is this intended to fix?
This is not an area where piecemeal changes make sense. If there actually is a problem, the solution is to use std::string instead of char[256] everywhere.
comment:2 Changed 13 years ago by
| Type: | Defect → Enhancement |
|---|
My wording was unfortunate. There is no bug, or none I know of. Just when creating workunits there was no immediately obvious way for me to check what maximal length their name may possibly have. The example code on http://boinc.berkeley.edu/trac/wiki/WorkGeneration uses strcpy into a fixed array. This entry was meant as a reminder that somehwen one should possibly look at this.
The fixed width in the C code may not be too bad when the same limits are also in the database schema. But yes, I like std::string.
Patch against boinc 6.13.1 introducing BOINC_NAME_LENGTH #define