Replace strncpy with strlcpy #2783

Open
philipphofmann opened this issue Mar 13, 2023 · 3 comments · May be fixed by #4636
@philipphofmann
Member

philipphofmann commented Mar 13, 2023

Description

Our codebase uses strncpy, which is unsafe according to the Apple Secure Coding Guide. We should replace it with strlcpy. Worth investigating if KSCrash has already fixed this.

If we can simply replace strncpy with strlcpy because the code has test coverage, we should do this quickly. If replacing is a bit complicated and needs refactoring to make things testable, we should reconsider the priority.

Related security issue: CWE-676.
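
The difference behind this request, as an added example that is not part of the original thread or the project's code: `strncpy` leaves the destination unterminated when the source fills the buffer, while a copy with `strlcpy` semantics always terminates and reports truncation. `lcpy`, `copy_strncpy` and `copy_checked` are hypothetical names (`lcpy` stands in for `strlcpy` so the block builds on libcs that lack it), and the sample string is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy semantics: copies at most size-1
 * bytes, always NUL-terminates when size > 0, and returns strlen(src)
 * so the caller can detect truncation. src must be NUL-terminated. */
static size_t lcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Copy with strncpy; returns 1 if dst ended up NUL-terminated, else 0.
 * strncpy writes no terminator when strlen(src) >= size. */
static int copy_strncpy(char *dst, size_t size, const char *src)
{
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* Copy with strlcpy semantics; dst is always terminated.
 * Returns 0 on a full copy, -1 if the source was truncated. */
static int copy_checked(char *dst, size_t size, const char *src)
{
    return lcpy(dst, src, size) >= size ? -1 : 0;
}

int main(void)
{
    const char *name = "com.example.app"; /* constructed, 15 bytes */
    char a[8], b[8];
    memset(a, 'X', sizeof a);             /* simulate stale stack contents */
    memset(b, 'X', sizeof b);

    printf("strncpy terminated: %d\n", copy_strncpy(a, sizeof a, name));
    int rc = copy_checked(b, sizeof b, name);
    printf("checked copy rc=%d, dst=\"%s\"\n", rc, b);
    return 0;
}
```

A drop-in replacement only removes the missing-terminator case; callers that must not silently truncate still need to check the return value as `copy_checked` does.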

@github-actions

github-actions bot commented Apr 6, 2023

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

@armcknight
Member

We should look at Bugsnag instead of KSCrash, as the former is built on top of the latter (and by the same author), which isn't really maintained any longer.

Here are the usages of strncpy in bugsnag:
Image
and that wrapper function is only called in one place: Image

and strlcpy:
Image

@philipphofmann
Member Author

@armcknight, FYI, there has been some activity on https://github.com/kstenerud/KSCrash in the last couple of months.
