Bruno Flueckiger <inform...@gmx.net> writes: > On 13.01.2015 23:23, Stuart Henderson wrote: >> >> >> Please drop pkg/SECURITY - we don't use this any more >> >> I see no benefit in patching strncpy with an explicit NUL termination >> to strlcpy, only difficulties in updating if upstream change things >> in this area. The EPROTO patch segment is needed but I would drop all >> the others. >> >> The "MAKE_FLAGS = GZIP=..." line isn't needed as the install target >> in upstream's Makefile isn't used >> >> COMMENT normally starts with lowercase >> > > Stuart, thank you for the feedback. I rework the port according to it. > After removing all the patches for strncpy() When I run make build now > I get a compiler warning about strcpy() in ctx.c. > > Should I keep this patch in the port?
I would zap it too. But feel free to discuss this with upstream and work with them to use the safer strl idiom. :) Even though this API is safer people have done mistakes in ports in the past. Please also use http://www.udpxy.com/index-en.html as homepage. > $OpenBSD$ > --- ctx.c.orig Thu Jan 15 18:41:32 2015 > +++ ctx.c Thu Jan 15 18:42:01 2015 > @@ -201,7 +201,7 @@ add_client( struct server_ctx* ctx, > client->mcast_port = mport; > > if (ctx->rq.tail[0]) > - (void) strcpy( client->tail, ctx->rq.tail ); > + (void) strlcpy( client->tail, ctx->rq.tail, sizeof(client->tail) ); > > rc = get_src_info( client, sockfd ); > if( 0 != rc ) { -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
