strcpy density in #curl source code
@bagder Interesting to see that the graph is not strictly decreasing — meaning that there were commits that added new strcpy() lines as late as this year, despite the project's review efforts. 🤔
Nonetheless, congrats on reaching 0%. Is there a plan to prevent calls to "bad" functions from sneaking back in again?
@bagder great work. Coulda just rewrote the entire of curl in Rust tho 🥴
Great stuff. What was the motivation here?
performance (ie copying per se), or security (ie replace with strncpy)
@oschonrock to reduce the risk of mistakes, so security pretty much
@bagder @oschonrock - looking at the code, this seems to be a hardened version of the original function? Is there a case to include the in the original lib? (Maybe as a new function if there could be backwards compatibility issues)
@bagder is it being replaced with strncpy or similar?