-
-
Notifications
You must be signed in to change notification settings - Fork 333
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace strncpy with strlcpy #2783
Comments
This issue has gone three weeks without activity. In another week, I will close it. But! If you comment or otherwise update it, I will reset the clock, and if you label it "A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀 |
@armcknight, FYI, there has been some activity on https://github.com/kstenerud/KSCrash in the last couple of months. |
Description
Our codebase uses strncpy, which is unsafe according to the Apple Secure Coding Guide. We should replace it with
strlcpy
. Worth investigating if KSCrash has already fixed this.If we can simply replace strncpy with strlcpy, cause the code has test coverage we should do this quickly. If replacing is a bit complicated, needs refactoring to make things testable, we should reconsider the priority.
Related security issue: CWE-676.
The text was updated successfully, but these errors were encountered: