LibTiff Mailing List

• TIFF and LibTiff Mailing List Archive
• July 2010

• Previous Thread
• Next Thread

• Previous by Thread
• Next by Thread

• Previous by Date
• Next by Date

Contact

The TIFF Mailing List Homepage
Archive maintained by AWare Systems

Thread

2010.07.08 16:25 "[Tiff] strlcpy vs strncpy", by Bob Friesenhahn

2010.07.08 18:03 "Re: [Tiff] strlcpy vs strncpy", by Lee Howard

2010.07.08 18:06 "Re: [Tiff] strlcpy vs strncpy", by Olivier Paquet

2010.07.11 17:36 "Re: [Tiff] strlcpy vs strncpy", by Edward Lam

2010.07.12 19:30 "[Tiff] strncpy in tiffcrop", by Richard Nolde

2010.07.12 20:31 "Re: [Tiff] strncpy in tiffcrop", by Edward Lam

2010.08.06 18:21 "Re: [Tiff] tiff4 on 32-bit Windows", by Toby Thain

2010.08.06 15:05 "[Tiff] tiff4 on 32-bit Windows", by John

2010.08.06 15:21 "Re: [Tiff] tiff4 on 32-bit Windows", by Bob Friesenhahn

2010.08.06 15:57 "Re: [Tiff] tiff4 on 32-bit Windows", by John

2010.08.06 16:24 "Re: [Tiff] tiff4 on 32-bit Windows", by Edward Lam

2010.08.06 16:51 "Re: [Tiff] tiff4 on 32-bit Windows", by Bob Friesenhahn

2010.08.06 16:38 "Re: [Tiff] tiff4 on 32-bit Windows", by Bob Friesenhahn

2010.08.09 12:59 "Re: [Tiff] tiff4 on 32-bit Windows", by John

2010.08.06 15:37 "Re: [Tiff] tiff4 on 32-bit Windows", by Olivier Paquet

2010.08.07 06:34 "[Tiff] tiffcp crashes on planar to strip conversion for < 8 bit", by Andreas Kleinert

2010.08.07 06:36 "Re: [Tiff] tiffcp crashes on tile to strip conversion for < 8 bit", by Andreas Kleinert

2010.08.15 04:45 "Re: [Tiff] tiffcp crashes on planar to strip conversion for < 8 bit", by Lee Howard

2010.07.10 11:04 "Re: [Tiff] strlcpy vs strncpy", by Albert Cahalan

2010.07.10 13:27 "Re: [Tiff] strlcpy vs strncpy", by Kevin Myers

2010.07.10 13:50 "Re: [Tiff] strlcpy vs strncpy", by Bob Friesenhahn

2010.07.11 07:34 "Re: [Tiff] strlcpy vs strncpy", by Albert Cahalan

2010.07.11 08:06 "Re: [Tiff] strlcpy vs strncpy", by Toby Thain

2010.07.11 14:35 "Re: [Tiff] strlcpy vs strncpy", by Bob Friesenhahn

2010.07.10 13:39 "Re: [Tiff] strlcpy vs strncpy", by Bob Friesenhahn

2010.07.11 08:18 "Re: [Tiff] strlcpy vs strncpy", by Albert Cahalan

2010.07.11 16:35 "Re: [Tiff] strlcpy vs strncpy", by Bob Friesenhahn

2010.07.12 17:34 "Re: [Tiff] strlcpy vs strncpy", by Dmitry V. Levin

2010.07.12 18:13 "Re: [Tiff] strlcpy vs strncpy", by Bob Friesenhahn

2010.08.02 19:47 "Re: [Tiff] BigTIFF Support in LibTiff", by Gajera Tejas

2010.08.02 19:25 "[Tiff] BigTIFF Support in LibTiff", by Gajera Tejas

2010.08.02 19:34 "Re: [Tiff] BigTIFF Support in LibTiff", by Bob Friesenhahn

2010.08.19 17:18 "[Tiff] tiff2ps page sizing options", by Richard Nolde

2010.08.23 04:54 "Re: [Tiff] tiff2ps page sizing options", by Lee Howard

2010.07.08 18:03 "Re: [Tiff] strlcpy vs strncpy", by Lee Howard

I see that libtiff is using strncpy() as a safer strcpy() and strncat() as a safer strcat(). Unfortunately, strncpy() does include a significant design flaw which causes it still to be insecure unless additional care is taken. The problem occurs when the string to be copied exactly matches the buffer size, in which case the string will lack null termination. The strlcpy() (and strlcat) functions avoid this glitch by always assuring null termination. The return value of strl*() are also much more useful since it is easy to test if the string was truncated (and by how much).

GraphicsMagick is using strlcpy() and strlcat() for secure string copies. I will be happy to contribute versions that I wrote myself for use in libtiff if libtiff choses to rely on these more secure functions. Libtiff should name the replacement functions differently in order to avoid any possible conflict/confusion with system provided versions, or versions from some dependent library or program.

I don't have any arguments against this.

Thanks,

Lee.