[prev in list] [next in list] [ prev in thread ] [ next in thread ] List: openbsd-tech Subject: On the matter of strlcpy/strlcat acceptance by industry From: deraadt () cvs ! openbsd ! org Date: 2013-12-18 4:01:16 Message-ID: 201312180401.rBI41GET031793 () cvs ! openbsd ! org [Download RAW message or body] From time to time, there are people who say that strlcpy and strlcat are stupid. This is a little frustrating because we just want developers to have an easier time writing/auditing string code to avoid overflows and truncations, especially considering so many standard C APIs require fixed length strings or have other limits, and will in the forceable future. You probably all know about the mainstream users of these functions, like the Linux kernel, or MacOS, or the other BSD's, and Solaris. But there are many, many more, and it is time to show the global strlcpy'ing deniers the reality. I've collected some statistics to see how much upstream software use these functions. I asked Stuart Henderson to collect a "recursive nm .o" for every piece of software built in our ports tree. It's roughly 2GB of text output. For those who don't know, that ports tree is basically a repository of all the application software we supply as an add-on on top of the base operating system. Each of those becomes a package, so that is what we are looking at. They are pretty much the bulk of the commonly-used Unix applications found on all systems. These packages do not generally include things like openssh, perl, or X11, sqlite, or a number of other small things directly integrated into the OpenBSD base. But that's OK, because those I just mentioned do use strlcpy and strlcat in their upstream repositories. So 3535 packages contain .o files, and now we can grep to see what they define or use. In essence, a piece of software will likely fall into one of these catagories: (0) Not use the functions at all. (1) Will assume that the system has the functions in libc. (2) Will have a configure-style "feature-test" which tests if libc contains the functions, and thus turn on a cpp symbol such as HAS_STRLCPY, then use the libc version. Otherwise it will avoid using them... (3) More commonly, if the feature-test fails, it will substitute copies from its own tree. Essentially to cope with glibc. (4) Some software contain their own version, typically copied from us, but renamed. There are many of these. Let's look at these cases backwards, for reasons that become obvious as we move ahead. (4) Who is defining their own versions of the functions, with slightly different names? The obvious names we find are: SDL_strlcpy SDL_utf8strlcpy _iodbcdm_strlcpy _strlcpy ascii_safe_strlcpy av_strlcpy cli_strlcpy dt_utf8_strlcpy fc_strlcpy fl_strlcpy flac__strlcpy fz_strlcpy g_strlcpy hd_strlcpy isc_string_strlcpy lg_strlcpy llvm_strlcpy loud_strlcpy mcs_strlcpy mg_strlcpy monoeg_g_strlcpy mowgli_strlcpy my_strlcpy mystrlcpy os_strlcpy pa_strlcpy rb_strlcpy sg_strlcpy sl_strlcpy sm_strlcpy test_evutil_strlcpy test_strlcpy tr_strlcpy ut_strlcpy utf8_strlcpy uv_strlcpy vi_strlcpy xstrlcpy zbx_strlcpy SDL_strlcat SDL_strlcpy _iodbcdm_strlcat av_strlcat fc_strlcat fl_strlcat flac__strlcat fz_strlcat g_strlcat hd_strlcat isc_string_strlcat ixp_strlcat mcs_strlcat mowgli_strlcat mystrlcat rb_strlcat sg_strlcat sl_strlcat sm_strlcat ssh_strlcat uv_strlcat vi_strlcat wmii_strlcat xstrlcat zbx_strlcat Replacement copies seem to be quite popular. Some of the names hint at who is doing this, but we can search by these functions to see which packages are defining them: bogofilter bro clamav cntlm cups-filters darktable dkim-milter ffmpeg flac fltk freeciv fte glib2 gtk-gnutella htmldoc iodbc ircd-ratbox isc-bind isc-dhcp ksh93 leafnode libixp libstatgrab link-grammar linkchecker llvm mathomatic mcs mono mowgli mupdf mysql node pmacct postgresql pulseaudio rlwrap samhain sdl2 tcpreplay transmission visitors wmii wpa_supplicant xfe xpilot zabbix So 73 (2% or 3535) of packages define either of these for themselves under a new name. This may seem like a small list, but look it contains monsters like glib2, postgresql, and mysql. In particular, those monster contain libraries.. this will become more obvious a bit further on. (3) What about software which substitutes their own, when they don't find ours? This is harder to determine in the OpenBSD ports tree because our libc functions will always be found. However, we can see if any ports sloppily compile their own versions, even though we have it... databases/pgpool: T strlcpy devel/p5-File-RsyncP: T strlcpy devel/py-setproctitle: T strlcpy editors/fte: T strlcpy games/oolite: T strlcpy games/stone-soup: T strlcpy games/xpilot: T strlcpy mail/akpop3d: T strlcpy net/bro: T strlcpy net/tcpreplay: T strlcpy shells/ksh93: T strlcpy www/cntlm: T strlcpy www/linkchecker: T strlcpy x11/xfe: T strlcpy editors/fte: T strlcat games/xpilot: T strlcat net/bro: T strlcat net/pmacct: T strlcat net/tcpreplay: T strlcat shells/ksh93: T strlcat www/cntlm: T strlcat www/linkchecker: T strlcat x11/xfe: T strlcat This was rather unexpected. These software teams have decided to simply use the same name, for (hopefully) the same functionality. (2) Regarding the question of code which uses a feature test to find if the functions exist, and having not found them, then avoids them? We cannot test using the "symbol table" method. A test would need to be run on a system without the functions in libc. That test cannot be run on a BSD, MacOS, or Solaris... (1) The question of which ports use the functions in libc should really be split into two questions. How many use our functions (strlcpy and strlcat)? How many use the renamed functions (for instance, g_strlcpy from glib, isc_string_strlcpy, etc). The following 254 (7% of 3535) of packages use our strlcpy: GraphicsMagick Wnn adsuck aircrack-ng akpop3d anacron angst apcd argus arp-scan asclock assl aucatctl autogen avahi bitlbee bogofilter bro bwm-ng canna ccid cdrtools cfengine cfs cgit cgo clamsmtp clearsilver cntlm cnupm colorls conserver crawl cue cups cyphertite cyrus-imapd cyrus-sasl2 darkstat dcmtk dictd diskrescue dnscrypt-proxy dnsfilter dsniff dsocks dspam dtach dvdbackup ekg eltclsh epic4 ettercap exiv2 ezstream fdm femail fetchmail fldigi flowd fltk foomatic-filters fragroute freeciv freetds fsstress fte ftpsesame g77 garmin-utils gettext git glib2 gnats gophernicus gpioflicker gpsd grace gxemul hoc honeyd hotplug-diskmount hping i3status icbirc igmpproxy ikeman iogen ipfm ipguard ircd-hybrid ircd-ratbox irssi-silc isc-bind isc-dhcp jack jasper jpeg junkbuster kc kicad kinput2 kismet kissd ksh93 kst ladvd ldapvacation leafnode libclog libdnet libevent2 libeventextra libexecinfo libiconv libmagic libtar libworkman lldpd logfmon login_oath mc mcrypt metamail milter-checkrcpt milter-regex milter-spamd mod_auth_bsd mod_auth_mysql mono mpage natpmpd nemesis netatalk netbsd-iscsi-target netfwd ngircd nmap nostromo nsh nsping nvi nylon onioncat oolite openmdns openpam opensc openvpn-auth-ldap openvpn_bsdauth p5-File-RsyncP p5-IO-Tty p5-Image-EXIF p5-Proc-ProcessTable parse pbrowser pcc pcsc-lite pdnsd perdition pfstat pftop pg_statsinfo pgbouncer pgpool phoon pktstat pmacct pop3gwd poptop postgresql postgresql-plv8 pptp privoxy procmail pwsafe py-openbsd py-setproctitle quagga radiusd-lucent relaydb rlwrap rsync rtunes rzip samba sc scanssh sdl sdl2 shmux smsmail smtp-benchmark smtp-vilter smtpclient snort softflowd spatial spectrwm ssh-ldap-helper stegdetect stone-soup sudognu sudoku-solver symon tabled tcpreplay tcpslice teknap tiff tinyproxy tkrat toprump tor torture totd transcode transmission tray-app trickle uim umurmur unworkable vlc vomit vpnc warzone2100 webalizer wide-dhcpv6 winexe wm2 wmcalc wmcalclock wmgrabimage wmifinfo wminfo wmmoonclock wmmp3 wmphoto wmpop3 wmspaceweather wmtimer wmtune wmwlmon xboing xfe xine-ui xmms xombrero xorp xpilot xwrits xxdiff zoo The following 158 (4% of 3535) of packages use our strlcat: GraphicsMagick Wnn anacron angst argus-clients arp-scan arpd asclock assl bogofilter bro cfengine clamsmtp clearsilver cntlm cnupm crawl cue cups cyphertite cyrus-imapd cyrus-sasl2 darkstat dcmtk dfc dsniff dspam ekg eltclsh epic4 ettercap ezstream fdm fetchmail flowd fltk foomatic-filters fragroute freeciv fsstress fte ftpsesame g77 gettext glib2 gnats gophernicus gpsd grace gxemul honeyd hotplug-diskmount hping ikeman ircd-hybrid ircd-ratbox isc-bind isc-dhcp jasper jpeg junkbuster kc kinput2 kst ldapvacation libbgpdump libdnet libiconv libmagic libworkman libxmlsd linkchecker logfmon mc milter-greylist milter-regex milter-spamd mpage mt-daapd nbfc nemesis netatalk netcdf netfwd ngircd nostromo nsh nylon onioncat openmdns openpam opensc p5-Devel-NYTProf p5-Image-EXIF p5-Proc-ProcessTable parse pbrowser pcc pcsc-lite pfe pg_statsinfo pg_top phoon pop3gwd postgresql privoxy procmail psdim pwsafe quagga radiusd-lucent relaydb rlwrap rsync rtunes rzip samba sc scanssh scrot sdl2 smsmail smtp-benchmark smtp-vilter snort softflowd spectrwm ssh-ldap-helper stegdetect sudognu symon tabled tcpreplay teknap tkrat toprump tor totd transcode tray-app tree trickle uim unworkable vomit vpnc warzone2100 wide-dhcpv6 winexe wm2 wmcalc wminfo wmmp3 wmtune xine-ui xombrero xpilot xwrits The following 326 (9% of 3535) packages use another library's private *strlcpy function: GraphicsMagick Wnn adsuck aircrack-ng akpop3d anacron angst apcd apcupsd argus arp-scan asclock assl aucatctl audacious audacious-plugins autogen avahi bitlbee bogofilter bro bwm-ng canna ccid cdrtools cfengine cfs cgit cgo chromium clamav clamsmtp claws-mail clearsilver cntlm cnupm colorls conserver crack-attack crawl cue cups cups-pk-helper cyphertite cyrus-imapd cyrus-sasl2 darkstat darktable dcmtk dictd diskrescue dkim-milter dnscrypt-proxy dnsfilter dsniff dsocks dspam dtach dvdbackup dvdstyler eboard ekg eltclsh emelfm2 epic4 ettercap evolution evolution-data-server exiv2 ezstream fdm femail fetchmail ffmpeg flac fldigi flowd fltk foomatic-filters fragroute freeciv freetds fsstress fte ftpsesame g77 garmin-utils gcompris geany gecko-mediaplayer gentoo gettext gigolo git glib2 gmfsk gnats gnome-mplayer gnumeric gophernicus gpioflicker gpsd grace gtk-gnutella gxemul hoc honeyd hotplug-diskmount hping htmldoc i3status icbirc igmpproxy ikeman inkscape iodbc iogen ipfm ipguard ircd-hybrid ircd-ratbox irssi-silc isc-bind isc-dhcp jack jasper jnettop jpeg jpilot junkbuster kanatest kc kicad kinput2 kismet kissd ksh93 kst ladvd ldapvacation leafnode libclog libdnet libevent2 libeventextra libexecinfo libgtop2 libiconv liblqr libmagic libnice libsexy libstatgrab libtar libvirt-glib libworkman link-grammar lldpd llvm logfmon login_oath logjam mathomatic mc mcrypt mcs metamail milter-checkrcpt milter-regex milter-spamd mod_auth_bsd mod_auth_mysql mono mowgli mpage mpd mplayer mupdf mysql natpmpd ncmpc nemesis netatalk netbsd-iscsi-target netfwd ngircd nmap node nostromo nsh nsping nvi nylon onioncat oolite openmdns openpam opensc openvpn-auth-ldap openvpn_bsdauth osmo p5-File-RsyncP p5-IO-Tty p5-Image-EXIF p5-Proc-ProcessTable pan parcellite parse pbrowser pcc pcsc-lite pdnsd perdition pfstat pftop pg_statsinfo pgbouncer pgpool phoon pidgin pktstat pmacct pop3gwd poptop postgresql postgresql-plv8 pptp privoxy procmail pulseaudio pwsafe py-openbsd py-setproctitle qemu quagga radiusd-lucent rawstudio relaydb remmina rhythmbox rlwrap rsync rtunes rzip samba samhain sc scanssh scmpc sdl sdl2 sdl2-ttf shmux smsmail smtp-benchmark smtp-vilter smtpclient snort softflowd spatial spectrwm ssh-ldap-helper stegdetect stone-soup streamripper sudognu sudoku-solver symon syslog-ng tabled tcpreplay tcpslice teknap tiff tinyproxy tkrat toprump tor torture totd transcode transmission tray-app trickle ufraw uim umurmur unworkable viking vlc vomit vpnc warzone2100 webalizer wide-dhcpv6 winexe wm2 wmcalc wmcalclock wmgrabimage wmifinfo wminfo wmmoonclock wmmp3 wmphoto wmpop3 wmspaceweather wmtimer wmtune wmwlmon wpa_supplicant xboing xfe xine-ui xmms xmms2 xnp2 xombrero xorp xournal xpilot xwrits xxdiff yabause zabbix zoo The following 35 (1% of 3535) packages use another library's private *strlcat function: bitlbee chromium darktable dkim-milter eboard ffmpeg flac freeciv gcompris gecko-mediaplayer gmtk gnome-mplayer gtk-gnutella gtkpod htmldoc inkscape iodbc ircd-ratbox jnettop libstatgrab mcs mplayer mupdf ncmpc osmo pidgin qemu rlwrap samhain scmpc ufraw uim wmii xmms2 zabbix (0) Finally, we should answer the question about who is not using these functions or variants. Let us keep the answer really simple. The following 1808 (51% of 3535) packages use strcpy: 9libs BasiliskII DevIL GeoIP GraphicsMagick ImageMagick ORBit2 R STk TclXML Wnn Xaw3d XawMu Xdialog a2ps abclock abiword abook abs abuse acpica adns aescrypt afterstep agg agm agrep aide ald allegro alpine altermime amanda amap amarok amide amiwm amph amsn amtterm amule anacron analog angband angband angband animorph anthy antiword ap-utils ap2-mod_fastcgi ap2-mod_jk apache-httpd apr apr-util apr-util aqbanking aqsis aqualung arc ardour arena argus-clients argyll arpcatch arpwatch asapm ascd asclock asfiles asmail asp2php asp2php astime astmanproxy astrolog asymptote atomicparsley aubio audacious audacious-plugins audacity augeas autogen autopano-sift-c avenger avenger avinfo avrdude axe axel babl bacula bacula bacula balance barcode bash beav beaver beret bfbtester bible-kjv bibview bird bird birda bison bitlbee bitlbee bitlbee bitlbee bladeenc blender blobby blockrage bluefish bochs bochs boehm-gc bogofilter bomberclone bonnie++ boost boswars bouml bounix bozohttpd bricons brltty bro bsd-airtools bulk_mailer bvi bzflag bzip2 c2t c3270 cabextract cadaver cairo cal3d calc calcoo calibre canna capitan-sevilla catdoc catdoc ccextractor ccrypt ccze cdk cdparanoia cdrdao cdrdao cdrtools celestia centerim cfdg cfengine cfitsio cflow cfs cftp cgal cgdb cgiparse cgit cgoban chbg check chicken chipmunk chmlib chntpw chocolate-doom choria chroma chromium chromium chromium-bsu clamav clamsmtp clamz classpath claws-mail claws-mail clearsilver clementine cless clex climm clisp clive clonekeen clucene clusterit clusterit cmake cmu-sphinx3 cmu-sphinxbase cntlm codeblocks codeworker coldfire colortail commoncpp compface conky conky conky conky conky connect4 cook cooledit cooledit coreutils corewars courier-authlib courier-imap cqcam crack-attack cracklib crimson cronolog crossfire-client crxvt cryptcat cscope ctm ctunnel ctwm cucipop cunit cups-filters curl cutils cvechecker cvsgraph cvsps cvstrac cyrus-imapd cyrus-imapd cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 daapd dangerdeep dansguardian dante darktable dash dbh dbus dbus-tcl dclock dcmtk dcraw ddd deadbeef deco desmume detex detox dgen-sdl dgen-sdl dia dialog dictd diction diffstat digikam digitemp dillo discount djview4 djvulibre dmenu dnscrypt-proxy dnsmasq dnstracer doc++ docbook-to-man docbook2x dopewars dopewars dos2unix dosbox dotconf doxygen doxygen dpic drac drawterm drgeo driftnet droplet dsniff dsniff dspam dspam dspam dspam dtcltiny dumb dumpmpeg dungeon-crawl dvd+rw-tools dvdauthor dvdbackup dvi2tty dwm dxpc dynamips dysnomia e16keyedit e2fsprogs easytag eboard ebook-tools echoping ecl ecm ectags eduke32 ee efax egoboo elinks elvis elvis emacs emacs emacs emacs21 emacs21 emboss emiclock enblend-enfuse enca enchant enigma enjoympeg enlightenment enscript epic4 epte eruby es esound espeak eterm eterm etherape ettercap ettercap evilwm evince evolution evolution-data-server exim exim exim exim exim exiv2 expect extremetuxracer ez-ipupdate f1spirit faac faad faces falconseye fastjar fbpanel fceux fcgi fcrackzip feh fetchmail ffmpeg ffmpeg2theora ffproxy fftw fftw3 fftw3 figlet filezilla findutils flash fldigi fleditor flex flickcurl flipit flite flow-tools fltk fluidsynth fluxbox fluxter flvstreamer flwm fmirror fobbit foma fontforge foo2zjs foobillard foomatic-filters fox fping fragroute fragrouter freealut freeciv freedroid freedroidrpg freedt freehdl freeimage freeipmi freemat freerdp freetds freeze fribidi frodo frogatto frotz fs-uae fsv fte fuse fvwm2 fvwm95 fxtv g77 gaia galculator gambatte gamgi gargoyle garmindev gawk gbdfed gcal gcompris gconf2 gcpio gd gdal gdb gdbm gdiff gdk-pixbuf2 geany geda-gaf gegl gentoo geomview geotiff gerbv gettext gforth gfortran ggrep ghc ghostview giblib gif2png gifsicle gimgtools gimmix gindent git glew glib glib2 glimpse glpk glsfcave gmake gmime gmp gmpc-plugins gmt gmudix gnats gnokii gnomad2 gnome-mplayer gnucap gnucash gnuchess gnugetopt gnugo gnumeric gnupg gnupg gnupg2 gnuplot gnuplot gnushogi gnutls goaccess gobject-introspection goffice goffice08 gogo golem golly gone gopher gpa gpatch gpgme gphoto2 gpicview gprolog gpsbabel gpsk31 gpstk gq grace graphviz grcs grip groff groff gsed gshar+gunshar gsm gtar gtar gtk+ gtk+2 gtk+3 gtk-gnutella gtkhotkey gtkhtml3 gtkhtml4 gtklp gtkpod gtksourceview gtkwave gtypist guile guilib gummi gutenprint gv gwaei gwenhywfar ha hamlib hanterm-xf haserl haserl haserl haserl heroes hex-a-hop hexedit hfsplus hiawatha hlfl hnb ht ht htmldoc hugin hugs hunspell hydra hydrogen hylafax hylafax hyperestraier hypermail hypermail i3 i3status iaxclient iaxmodem ibus icb icecast ices2 icewm icu4c id-utils id3ed id3lib idled iec16022 iftop ike-scan imake imapproxy imlib imlib2 inadyn iniparser inkscape integrit intel2gas io iodbc ion iozone ipaudit iperf ipmitool ipv6calc irc ircII ircd-hybrid ircd-ratbox irrlamb irrlicht irssi irssi irssi-silc isc-bind isc-dhcp isearch ish isomaster ispell itcl itk its4 ivan iverilog jabberd jabberd jack jailkit jam jamvm jed jed jesred jftpgw jhead jikes jlint jnettop joe john jove jpilot jvim jvim jvim jvim jwm k3b kaffeine kakasi kanjips kasumi keepassx kermit kicad kimdaba kinput2 kinput2 kinput2 kismet klavaro klogic knutclient kobodeluxe kobodeluxe komi krusader ksh93 ksmp3play kst kterm kterm ktorrent l0phtcrack ladspa lam lame larbin larswm lasem late lbdb lbreakout2 lcdproc lcms lcms2 ldapvi leafnode ledger lensfun leptonica less lftp lgeneral lgrind lha libIDL libJudy libXp libaacs libarchive libassuan libast libaudiofile libbgpdump libbind libbluray libcaca libcares libcddb libcdio libchewing libconfig libconfuse libdbi-drivers libdnet libee libetpan libexif libf2c libfm libfmt libfprint libgadu libgcrypt libgdata libgphoto2 libgpod libgsasl libhangul libical libiconv libid3tag libident libidn libircclient libkdcraw libksba liblo liblouis libmcrypt libmemcached libmikmod libmodplug libmp4v2 libmpc libmpd libmspack libmtp libmusicbrainz libmusicbrainz5 libnids libnipper libnjb libnxml liboauth libofa libofx libosip2 libotr libpano13 libpaper libplist libproplist libpst libpwquality libqalculate libquicktime libraw librelp librep libretto-config libshout libsidplay libslang libsmi libsoup libspectre libspf2 libssh libst libstatgrab libtabe libtar libtasn1 libtextcat libtool libunicode libunistring libupnp libvirt libvorbis libwmf libworkman libxdg-basedir libxml libzip lifelines liferea lighttpd lighttpd lighttpd lighttpd lincity lincity-ng link-grammar links links+ links+ livemedia lives lldpd lmms log4c logjam logpp logsurfer lostpixels loudmouth lout love lrzsz lsof lsys lua-lgi lua-lgi luafs luafs luajit luarexlib luasocket luasocket luna lxnb lz4 lzo lzo2 lzop m4 mac macutil maelstrom magicpoint maildrop mailman mailman mairix man2web manaplus mandelbulber mathomatic mawk mboxgrep mc mcabber mcrypt mcsim mecab mediatomb mednafen menu-cache metamail mgetty+sendfax mhash mico microblog-purple micropolis mikmod milkytracker milter-greylist mimedefang mimepp ming mini_sendmail minicom minidlna mirrormagic mixer.app mixmaster mjpegtools mjpegtools mk mlmmj mlterm mod_auth_ldap mod_auth_pgsql mod_fastcgi mod_jk mod_mp3 mod_mp3 mod_security modlogan mono monotone moon-buggy moria most movemail mowitz mozplugger mp3blaster mp3encode mp3gain mp3info mp3info mpack mpc mpeg_encode mpeg_play mpegaudio mpfr mpg123 mpg321 mpgtx mplayer mrtd mrtg mrxvt mscore mshell msmtp mt-daapd mterm mtools mtr mtr mudix multimux multitail mupdf musepack mutella mxconns mxml mysql naken430asm nam namazu nano nap nasm nbaudit nbtscan ncdu ncftp neXtaw nedit neon nepenthes nepim nestopia netatalk netbsd-iscsi-target netcdf nethack nethack nethack netpbm netperf netpipe netris neverball newsfetch ngspice nmap nmh nmh nn node node-bcrypt node-gir node-pg normalize nosefart nqp ns nslint nslint nspr nss ntfs-3g ntl ntop ntp nulib nutdb nvi-m17n nvi-m17n nyancat oath-toolkit obc obexftp ocaml ocaml-mlgmp ocaml-net ocaml-net ocsync octave ode oggz ogle ogle_gui ogmrip ogmtools ogre olsrd omake omega onew onew onew oo2c oolite opal open-cobol openarena openbabel opencdk opencm openconnect opencv openexr openfst openimageio openjp2 openjpeg openldap openldap openldap23 openmotif openmpi openmsx opennap openobex openocd openpoppassd opensc openscenegraph opensonic opensp openvmps openvpn openvpn-auth-ldap ophcrack optipng orc oroborus ortp osm-gps-map osm2go osmo osrtspproxy otcl otf2bdf owamp p5-CGI-SpeedyCGI p5-Cairo p5-Convert-Binary-C p5-Convert-UUlib p5-DBD-Pg p5-DBD-SQLite2 p5-DBD-Sybase p5-DBI p5-Data-Dump-Streamer p5-File-MMagic-XS p5-File-RsyncP p5-HTML-Embperl p5-Image-EXIF p5-Imager p5-Locale-Hebrew p5-Math-Pari p5-Net-RawIP p5-Net-TCLink p5-Net_SSLeay p5-PadWalker p5-Quota p5-Term-ReadLine-Gnu p5-Text-Aspell p5-Text-Tmpl p5-Tk p5-Tk-TableMatrix p5-Wx p5-XML-LibXML p5-XML-SAX-ExpatXS p5-libapreq p5-libapreq2 p5-sybperl pan pango pangox-compat par par1cmdline par2cmdline parcellite pari parrot parse patchutils pavuk pavuk pcb pccts pcre pcsc-lite pcsxr pdflib pdmenu pen perdition pfe pg_statsinfo pg_top pgadmin3 pgp pgp5 pgpool pgpsendmail pgtcl physfs pidgin pidgin pidgin-sipe pidgin-tlen piewm pilot-link pinentry pinfo pingus pioneers pjsua plan plib plor plplot pmacct pms pngcrush poedit polipo popclient poppassd poppler poppler popt poptop pork postgis postgresql postgresql-odbc potrace pound povray powerdns prboom prboom-plus prepop procmail proj prosody protobuf-c proxy-suite psi pstoedit psutils ptlib pulseaudio pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd putty puzzles pwgen pwm py-Imaging py-M2Crypto py-Pillow py-apsw py-apsw py-cjkcodecs py-cryptkit py-gtk2 py-libpcap py-mxDateTime py-numpy py-openssl py-pgsql py-proj py-psycopg2 py-quixote py-scipy py-sip py-sqlite2 py-sybase py-vorbis py-wxPython pysvn pyusb qca2 qcad qemu qgis qhull qiv qlandkarte qlandkartegt qpage qscintilla qstat qt-creator qt3 quagga quake2 qucs queryperf queso quesoglc quirc qvwm racket radiusd-cistron radmind ragel raptor rarian ratpoison rawstudio rawtherapee rc rc rc rdesktop readline recode redis redland remake remind remmina rep-gtk repmgr retawq rftg ri-li rlwrap roadfighter rocksndiamonds rocrail rox-filer roxterm rpl rplay rpm rrdtool rsyslog rtmpdump rtty rubinius ruby-capybara-webkit ruby-capybara-webkit ruby-eventmachine ruby-eventmachine ruby-eventmachine ruby-ldap ruby-ldap ruby-ldap ruby-passenger ruby-passenger ruby-rb-gsl ruby-rdiscount ruby-rdiscount ruby-rdiscount ruby-rmagick ruby-rmagick ruby-rmagick ruby-swift-db-mysql ruby-swift-db-mysql ruby-vorbis_comment ruby-vorbis_comment ruby-vorbis_comment rxp rxvt rxvt-unicode s10sh sablotron sam samdump2 samhain samhain samhain sane-backends sarg sarg sash sattrack sawfish sbcl sc scheme48 schismtracker scim scim-fcitx scintilla scite scm scm scmxx scorched3d screen screen scsh scummvm scummvm-tools sdd sdl-mixer sdl-sound sdl2 sdl2-mixer sdlmame sdlmess sdlroids sdlzombies se seed7 setquota seyon sfio sgmlformat shapelib sharity-light shash shash shell-fm shntool shorten shunt si siag sidplay siege silc-client silc-server silc-server silc-toolkit sim simgear simulavr sipcalc siproxd sipsak sisctrl sketch slash slash slash-em slash-em sliderule slim slrn smstools snes9x snipe2d snort snownews socat sofia-sip solid-pop3d solid-pop3d sope soundtracker source-highlight sox spacezero spandsp spawn-fcgi spectemu spectrum speech-dispatcher speeddreams sphinx sphinx spice spice-gtk spider spidermonkey spidermonkey spiff spim spiped splint splitvt splix sqlite sqlitebrowser sqsh squidclamav srcpd sshfs-fuse sshguard sshguard ssldump sslh ssvnc star star startup-notification stegdetect steghide stella stepmania sthttpd stone-soup stone-soup streamripper strigi strobe stunnel stuntman subrip subtitleripper subversion sunbird sunclock supercat supertux supertuxkart swfmill swftools swi-prolog swig swish-e sxiv sylpheed sympa synaesthesia synergy syslog-ng t1lib tacacs+ taglib tagtool tapclean tarsnap tclcl tclcurl tclthread tcltls tcludp tcpcat tcplist tcpreplay tcpstat tcptraceroute tcsh tdl teapop ted teeworlds teknap tellico tesseract testdisk texmaker texworks tgif thcrut the_silver_searcher tidyp tiff2png tilda timidity tin tintin++ tinycdb tinyfugue tinyscheme tircproxy tkdnd tkhtml tkimg tkrat tktable tktreectrl tla tlf tn5250 tnef toolame toppler tornado torsocks totd tpb tracker traditional-vi trafd trafshow trans transfig transmission tre treewm tremor tremor-tools trn tuxkart tuxpaint tvtwm tweak u9fs uae ucblogo ucpp ucspi-unix udunits uemacs ufraw uim unarj uncrustify unicon uniutils unrar unshield unzip uptimed uqm usbutils ushare uucp uwm vala varnish vbam vcdimager verbiste viewfax vifm viking vim vim vim vim vim vim virt-viewer virtuoso vislcg3 vitetris viz vlc vncsnapshot vorbis-tools vorbisgain vrfy vtags vteplugin vttest w3m w3m w3m w3m waimea wanderer warzone2100 wavpack wbox wdiff webalizer webkit webkit weechat weex wesnoth wesnoth wget wide-dhcp widelands wily windowlab windowmaker winexe wizznic wmbiff wmclockmon wmcube wmglobe wmifinfo wmii wminfo wmitime wml wmmail wmmenu wmmenu wmminichess wmmixer wmmp wmmp3 wmmultipop3 wmnet wmpinboard wmthemeinstall wmtime wmtz wmx wordnet wterm wv wv2 www6to4 wwwcount wwwoffle wxWidgets wy60 x11vnc x264 x2x x3270 x48 xanim xaniroc xantfarm xaos xapian-omega xarchiver xastir xawtv xbae xbat xbattle xbill xbl xblast xbmbrowser xboard xboing xbomber xbreaky xbubble xcalib xcdroast xcept xchat xcircuit xclip xco xcolors xcopilot xcowsay xcubes xcursorgen xd xdaliclock xdeblock xdg-user-dirs xdino xdmchoose xdms xdotool xdrawchem xdtm xdu xearth xengine xephem xerces-c xevil xfaces xfe xfed xfig xfishtank xfm xforms xgalaga-sdl xgas xgrab xhomer xine-lib xine-ui xinvest xjewel xjig xjobs xkeycaps xkobo xkobo xl2tpd xlbiff xless xlhtml xlife xloadimage xlog xmahjongg xmake xmascot xmcd xmedcon xmine xminehunter xmix xmlrpc-c xmlrpc-epi xmlsec xmlwf xmmix xmms xmms-shn xmms-sid xmms-speex xmms-wavpack xmms2 xmms2-scrobbler xmoto xmris xnc xnecview xneko xnp2 xoris xorp xpad xpaint xpat2 xpdf xpilot xplanet xplot xpostit xpostitPlus xprompt xps xquote xruskb xsane xsane xscavenger xscorch xscrabble xscreensaver xscribble xskat xspread xtacy xtar xteddy xtermset xtraceroute xtrkcad xvkbd xwelltris xwelltris xwpe xzgv xzip yabause yafc yasm yaz yencode ykpers yle-dl yorick ytalk ytalk ytree zangband zangband zaz zbar zebedee zeromq zh-bg5pdf zile zint zip ziproxy zkt zmtx-zmrx zoo zoom zsh zsnes zsync zziplib zzuf I'm not going to bother including the data for strcat. So 50% of software still calls strcpy. There is no way they have all been audited to avoid overflow. Following this, a few more observations are in order: (1) Remarkably, four pieces off software still use gets(3) chipmunk Wnn alpine metamail (2) sprintf is still pretty popular. 1810 (51% of 3535) packages use it. arc bzip2 fastjar gcpio gshar+gunshar gtar gtar ha libarchive libzip lxsplit lzo lzo2 macutil nulib par2cmdline ucl unace unarj unrar unzip xdms zip zoo zziplib celestia dgpsip gcal libnova luna sattrack stellarium sunclock wmglobe xearth xephem akode amarok aqualung ardour ario ascd aubio audacious-plugins audacity aumix calf cdparanoia clementine cmt cmu-sphinx3 cmu-sphinxbase cuetools deadbeef easytag esound espeak faac faad flite fluidsynth gimmix gnomad2 grip gtkpod herrie hydrogen id3ed id3lib jack ksmp3play lame libao libcanberra libcddb libcdio libcue liblo libmad libmikmod libmodplug libmp3splt libmusicbrainz libmusicbrainz5 libnjb libofa lmms mac madplay mikmod milkytracker mp3blaster mp3gain mp3info mp3info mp3wrap mpg123 mpg321 mscore multimux musepack nap normalize nosefart p5-Audio-FLAC-Header p5-Audio-Scan pms pulseaudio py-ogg rhythmbox rioutil rplay rsynth ruby-id3lib ruby-id3lib ruby-id3lib schismtracker scmpc shell-fm soundtracker sox speech-dispatcher streamripper tagtool teknap timidity tracker tremor-tools umurmur vamp-plugin-sdk vorbis-tools wavpack wmix wmmixer wmmp wmmp3 xcdplayer xhippo xmcd xmix xmmix xmms xmms-shn xmms-wavpack xmms2 xmms2-scrobbler bonnie bonnie++ iozone netperf siege xengine emboss nutdb py-biopython chipmunk geda-gaf gerbv gnucap gtkwave kicad necpp ngspice pcb qcad qucs spice xcircuit xnecview xtrkcad cless crxvt libchewing ttfm amtterm birda c3270 efax fldigi gmfsk gnokii gpsk31 hamlib jpilot kermit lcdproc lrzsz mgetty+sendfax minicom openobex pilot-link qpage scmxx seyon smstools tlf wy60 x3270 xastir xcept xlog zmtx-zmrx dos2unix html2text ish libdvdcss libiconv libpst libunistring mimepp mpack otf2bdf p5-Convert-Binary-C p5-Convert-UUlib p5-JSON-XS recode ripmime trans wv wv2 xlhtml dbh dbic++ evolution-data-server freetds gnats gq iodbc kyotocabinet lbdb libpqxx mysql mysqlcc openldap openldap openldap23 p5-DBD-Pg p5-DBD-SQLite p5-DBD-SQLite2 p5-DBD-Sybase p5-DBD-mysql p5-DBI p5-sybperl pg_statsinfo pg_top pgadmin3 pgpool pgtcl postgresql postgresql-odbc py-apsw py-apsw py-mysql py-pgsql py-psycopg2 py-pygresql py-sybase qdbm redis ruby-ldap ruby-ldap ruby-ldap ruby-mysql ruby-mysql ruby-mysql ruby-mysql ruby-swift-db-mysql ruby-swift-db-mysql ruby-swift-db-postgres ruby-swift-db-postgres ruby-swift-db-sqlite3 ruby-swift-db-sqlite3 ruby-tiny_tds ruby-tiny_tds ruby-tiny_tds ruby-tiny_tds sqlite sqsh strigi virtuoso xapian-core acpica ald apr-util apr-util argp-standalone asp2php asp2php autogen avrdude bison blame boehm-gc boost bouml bullet bzr ccache ccrtp cdk cflow cgdb cmake codeblocks codeworker commoncpp cook cppunit ctm cutils cvsgraph cvsps ddd doc++ dotconf doxygen doxygen droplet ectags erl-ejson fox fribidi gdb geany geotiff gettext gindent git glib glib2 glog glpk gmake gobject-introspection goffice goffice08 gpatch grcs guilib gwenhywfar hs-HsSyck id-utils imake iniparser itcl lam libast libaudiofile libconfig libdvdread libee libf2c libgsf libgtop2 libhid libidn liblouis libmpc libmtp libofx liboil libplist libproplist libslang libtool libusb-compat libwnck libwnck3 libyajl libyaml llvm log4c lpc21isp luaprofiler luaprofiler m4 mico mm monotone mpfr naken430asm nasm nspr ocaml-mlgmp ode omake opencm openmpi openocd orc p5-Data-Structure-Util p5-Data-UUID p5-Devel-Cover p5-Devel-NYTProf p5-Glib2 p5-IO-Tty p5-SDL p5-Term-ReadKey p5-YAML-Syck p5-YAML-XS pccts pcre physfs plib popt proj protobuf protobuf-c pth ptlib py-gobject py-gobject3 py-gobject3 py-guppy py-mxDateTime py-sip pygame qt-creator ragel rapidsvn rats readline remake ruby-home_run ruby-narray ruby-narray ruby-rb-gsl ruby-yajl ruby-yajl sdl-image sdl-ttf sdl2-ttf sfio shapelib silc-toolkit simulavr smpeg spidermonkey splint srecord stp subversion swig t1lib tclcl tclthread tla ucpp udis86 vtags xmake yasm abiword axe beav beaver bvi cooledit cooledit ee elvis elvis emacs emacs emacs emacs21 emacs21 fte hexedit hnb ht ht jed jed joe jove nano nedit nvi-m17n nvi-m17n qscintilla scintilla scite ted traditional-vi tweak uemacs vim vim vim vim vim vim xwpe zile drgeo gamgi gtypist BasiliskII bochs bochs coldfire desmume dgen-sdl dgen-sdl dosbox dynamips fceux frodo fs-uae fuse mednafen nestopia pcsxr qemu sdlmame sdlmess snes9x spectemu spim uae vbam x48 xcopilot xhomer xnp2 yabause zsnes zh-bg5pdf abuse allegro amph angband angband angband armagetronad barrage beret blobby blockrage bomberclone bzflag capitan-sevilla cgoban chocolate-doom choria chroma chromium-bsu clonekeen corewars crimson crossfire-client csmash dangerdeep dd2 defendguin dopewars dopewars dungeon-crawl easyrpg eduke32 egoboo einstein eliot enigma extremetuxracer f1spirit falconseye foobillard freeciv freedroid freedroidrpg frogatto frotz frozen-bubble gamine gargoyle gcompris gemdropx gnuchess gnugo gnushogi golly heroes hex-a-hop irrlamb komi lbreakout2 lgeneral lincity lincity-ng lostpixels love maelstrom meandmyshadow micropolis minetest mirrormagic moon-buggy moonlander moonlander moria nethack nethack nethack neverball numptyphysics omega oolite openarena opensonic openttd pacman-arena pioneers pokerth prboom prboom-plus puzzles qgo qstat quake2 redeclipse rftg ri-li roadfighter rocksndiamonds scorched3d scummvm scummvm-tools sdlroids sdlzombies slash slash slash-em slash-em snipe2d spacehulk spacezero speeddreams spider stepmania stone-soup stone-soup sudognu sudoku-solver supertux supertuxkart teeworlds toppler tornado tuxkart tuxpaint tuxpaint-config uqm valyriatear vectoroids vitetris vms-empire vodovod wanderer warmux warzone2100 wesnoth wesnoth widelands wizznic xasteroids xbat xbattle xbill xbl xblast xboard xboing xbomber xbreaky xbubble xcubes xdeblock xdino xgalaga-sdl xinvaders xjewel xjig xkobo xkobo xlife xmahjongg xmine xminehunter xminesweep xmoto xmris xonix xpat2 xpilot xscavenger xscrabble xskat xwelltris xwelltris xzip zangband zangband zaz zoom garmindev gdal gimgtools gpsbabel gpstk postgis py-proj qgis qlandkarte qlandkartegt viking DevIL GraphicsMagick ImageMagick aalib agg animorph aqsis argyll autopano-sift-c babl barcode blender cairo cal3d cqcam darktable dcmtk dcraw dia digikam djview4 djvulibre dpic enblend-enfuse enjoympeg evince exiftran feh flash freeimage fxtv gd gdk-pixbuf2 gegl geomview gif2png gifsicle gmt gocr goocanvas goocanvas2 gphoto2 gpicview gracula graphite2 hugin imlib2 inkscape ipe iview jbig2dec kimdaba lasem lcms lcms2 lensfun leptonica libart libcaca libexif libexif-gtk libgphoto2 libiptcdata libkdcraw libmpeg2 libpano13 libraw libvidcap libwmf lsys luvcview mandelbulber mapnik mpeg_encode mpeg_play mscgen netpbm ocaml-camlimages opencv openexr-viewers openimageio openjp2 openjpeg openscenegraph p5-Image-EXIF p5-Imager pigment potrace povray pstoedit py-Imaging py-Pillow py-matplotlib rawstudio rawtherapee ruby-rmagick ruby-rmagick ruby-rmagick s10sh sane-backends simgear sketch tesseract tgif tiff tkimg ufraw xanim xaos xbmbrowser xfig xmedcon xmms-kj xoris xpaint xsane xsane xzgv zbar zint anthy ibus scim scim-anthy scim-chewing scim-fcitx uim Wnn canna groff gwaei jvim jvim jvim jvim kakasi kanatest kanjipad kanjips kterm kterm less mecab onew onew onew jlint hanterm-xf STk arena chicken classpath clisp datalog expect freehdl g77 gawk gfortran ghc gprolog guile hugs intel2gas io iverilog jamvm jikes jimtcl librep luajit mawk mono node nqp obc ocaml oo2c open-cobol otcl parrot pfe racket rubinius sbcl scheme48 seed7 spidermonkey swi-prolog ucblogo unicon verilator alpine altermime archiveopteryx asmail avenger avenger bmf bogofilter bogofilter bogofilter bogofilter bulk_mailer claws-mail claws-mail courier-authlib courier-imap cucipop cue cyrus-imapd cyrus-imapd drac dspam dspam dspam dspam elm evolution evolution-rss exim exim exim exim exim faces fetchmail gmime hashcash isync libspf2 maildrop mairix mboxgrep metamail mimedefang mixmaster nmh nmh perdition pgpsendmail popclient poppassd py-milter sylpheed sympa teapop tkrat tnef vrfy wmbiff wmmail wmpop3 xfaces xlbiff R abs calc cfitsio cgal ecm fftw foma freemat gnumeric gnuplot gnuplot grace graphviz grpn hexcalc kst libqalculate matio mcsim netcdf ntl octave p5-Math-Pari pari plplot py-Numeric py-numpy py-scipy qhull qtoctave sc udunits wmcalc xspread yorick amanda astrolog bible-kjv brltty cdrdao cdrdao clex deco delay dialog digitemp findutils hfsplus jive lifelines logjam magicpoint mc memchan most mshell openbabel pdmenu plan randtype remind rlwrap rocrail rpm screen screen splitvt srcpd supercat tapclean teseq uniutils viz vttest wmtimer wordnet xd xgas xless xnc xtar xtimer ytree zzuf atomicparsley avinfo ccextractor dvdauthor ffmpeg2theora kguitar libaacs libbluray libmms libmp4v2 libquicktime libvpx lives lsdvd mediatomb ming minidlna mjpegtools mjpegtools mkvtoolnix mkvtoolnix mpgtx oggz ogmrip ogmtools schroedinger subrip subtitleripper swftools transcode x264 xine-lib xine-ui xvidcore yle-dl GeoIP adns aget amsn ap-utils argus argus-clients arping arpwatch avahi avahi avahi axel balance bird bird bitlbee bitlbee bitlbee bitlbee bnc bro cadaver centerim cftp clamz climm clive crawl curl dclib dhcping dictd dnscrypt-proxy dnsmasq dnstracer dxpc dysnomia echoping epic4 ettercap ettercap ez-ipupdate filezilla firewalk flickcurl flow-tools flvstreamer fmirror freetalk gloox gmudix gopher gssdp haproxy httptunnel icb icecast ices ices2 icmpinfo iftop igmpproxy ike-scan inadyn ipaudit irc ircII ircd-hybrid ircd-ratbox irssi-silc isc-bind isc-dhcp jabberd jabberd jnettop ktorrent ldistfp lftp libbgpdump libbind libcares libdnet libgadu libircclient libnids liboauth libshout libsmi libst libtorrent libupnp livemedia luasocket luasocket meanwhile microblog-purple mktorrent mrtd mrtg mtr mtr mudix mutella nam ncftp neon netatalk ngrep nmap ns nslint nslint nsping ntop ntp nylon ocsync olsrd opal openconnect openvpn-auth-ldap osrtspproxy owamp p5-IO-Interface p5-Net-Patricia p5-Net-RawIP p5-Net-TCLink packit pavuk pavuk pdnsd pen pidgin pidgin pidgin-sipe pidgin-tlen pmacct poco poink poptop powerdns ptpd putty py-adns py-libpcap quagga queso quirc radiusd-cistron rbldnsd retroshare rrdtool rtmpdump rtorrent ruby-eventmachine ruby-eventmachine ruby-eventmachine serf sharity-light si silc-client silc-server silc-server sing sipcalc sipsak snort socat spectrum ssldump ssvnc synergy tacacs+ tcludp tcpflow tcpreplay tcpslice tcpstat tcptrace thcrut tintin++ tinyfugue tircproxy tn5250 totd trafd trafshow trickle udns ushare uucp vncsnapshot weechat weex wget wide-dhcp winexe wmifinfo wmwave xchat xl2tpd xmlrpc-c yafc yaz ytalk ytalk ziproxy znc zsync leafnode newsfetch nn pan plor slrn tin trn 9wm larswm sam u9fs w9wm wily a2ps bibview cups cups-filters detex enscript fontforge foo2zjs foomatic-filters ghostview gtklp gutenprint gv htmldoc libXp libpaper lilypond lout lyx pdflib poppler poppler psutils t1utils transfig aqbanking gnucash ledger osmo siag sunbird taskwarrior tdl workrave xinvest xquote aide aircrack-ng antisniff bfbtester bounix ccid ccrypt cfs clamav cracklib cryptcat cvechecker cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 dsniff dsniff fcrackzip fragrouter gnupg gnupg gnupg2 gnutls hlfl hs-cryptohash hydra its4 john libassuan libfprint libgcrypt libgsasl libident libksba libmcrypt libnettle libotr libssh libssh2 logsurfer luacrypto lxnb mcrypt nbaudit nss oath-toolkit opencdk opensc ophcrack outguess p11-kit p5-Crypt-Serpent p5-Digest-Nilsimsa p5-Digest-Skein p5-Net_SSLeay parse passwdqc pgp pgp5 pinentry py-cryptkit py-openssl samdump2 samhain samhain samhain shash shash stegdetect steghide strobe tcltls xca xmlsec zebedee zkt bash dash ksh93 sash scsh zsh apcupsd augeas bacula bacula bacula bchunk bubblemon-dockapp cfengine clusterit clusterit conky conky conky conky conky coreutils dcfldd duplicity dvd+rw-tools dwdiff e2fsprogs eventlog freeipmi ggrep gource grub idled ipmitool ktsuss libretto-config libvirt logstalgia modlogan mtools multitail ncdu ntfs-3g p5-Proc-ProcessTable pciutils pv radmind rdiff-backup rtty sdd setquota shunt skill smartmontools socket syslog-ng tarsnap tcplist testdisk usbutils whowatch wmcb wmcube xbatt xbattbar xjobs xps zap astmanproxy fobbit iaxclient iaxmodem libosip2 pjsua siproxd sofia-sip spandsp stuntman TclXML antiword arabica calibre catdoc catdoc diffstat discount docbook-to-man enchant eruby exempi gdiff glimpse gnuvd groff gsed gtranslator highlight hunspell hyperestraier icu4c idiff iksemel isearch ispell jq lgrind libical libwbxml libxml libxslt link-grammar lq-sp mgdiff mupdf mxml namazu oniguruma openjade opensp ots p5-Text-Aspell p5-XML-SAX-ExpatXS par patchutils pdftk pinfo py-lxml py-xml raptor rarian rasqal redland ruby-hpricot ruby-hpricot ruby-hpricot ruby-nokogiri ruby-nokogiri ruby-nokogiri ruby-rdiscount ruby-rdiscount ruby-rdiscount ruby-redcloth ruby-redcloth ruby-redcloth rxp sablotron sgmlformat sim sp spiff swish-e uncrustify vislcg3 wdiff xpdf analog ap2-mod_fastcgi ap2-mod_jk apache-httpd cgit chromium chromium cntlm cronolog dansguardian dillo elinks fcgi goaccess gtkhtml3 gtkhtml4 haserl haserl haserl haserl hiawatha larbin libghttp lighttpd lighttpd lighttpd lighttpd links links+ links+ man2web mod_auth_bsd mod_auth_kerb mod_auth_pgsql mod_bandwidth mod_fastcgi mod_geoip mod_gzip mod_jk mod_mp3 mod_mp3 mongrel2 opengroupware p5-CGI-SpeedyCGI p5-HTML-Embperl p5-HTTP-Parser-XS pound retawq sarg sarg slowhttptest snownews sogo sope sthttpd swiggle tidyp tinyproxy tntnet varnish visitors w3m w3m w3m w3m webalizer webkit webkit wml www6to4 wwwcount wwwoffle yaws Xaw3d XawMu Xdialog afterstep amiwm asapm asfiles astime bbdate bbpager blackbox bricons byzi chbg ctwm dbus dclock driftnet emiclock enlightenment eterm eterm fleditor fltk fluxbox fluxter flwm freerdp fsv fvwm2 fvwm95 gbdfed gentoo goggles gtk+ gtk+2 gtk+3 gtk2mm gtk3mm gtkdatabox i3 i3status icewm ion irrlicht isomaster itk jwm krusader lupe mlterm mouseclock mowitz mplayer mrxvt mterm mxconns neXtaw nitrogen ogle ogre openmotif oroborus p5-Tk p5-Tk-TableMatrix p5-Wx piewm pypanel qt3 qvwm ratpoison rdesktop remmina rep-gtk rox-filer roxterm rxvt rxvt-unicode sakura sawfish sisctrl sliderule slim swisswatch tellico tkdnd tkhtml tktable tktray tktreectrl treewm tvtwm uwm viewfax virt-viewer vlc waimea windowmaker wmbutton wmclock wmclockmon wmii wminfo wmitime wmmenu wmmenu wmthemeinstall wmtime wmtz wmweather wmx wterm wxWidgets x11vnc x2vnc xantfarm xarchive xautolock xawtv xbae xcb xco xcoloredit xdaliclock xdesktopwaves xdmchoose xdtm xdu xfed xfm xforms xglobe xglobe xgrab xkeycaps xloadimage xmascot xmold xplot xpostit xpostitPlus xprompt xruskb xscreensaver xscribble xtacy xtraceroute xtu xvkbd xwrits xzoom yeahconsole Quite worrying. The odds of overflow or truncation are very high. (2) The above sprintf numbers are quite worrying. On the bright side, snprintf utilization is probably better than a few years ago. 1810 (38% of 3535) of packages use it. gcpio gshar+gunshar gtar gtar libarchive libmspack libtar libzip lzop par2cmdline sltar unshield xz celestia dgpsip gcal wmspaceweather aqualung ardour audacious audacious-plugins cdparanoia celt celt051 celt07 cmu-sphinxbase daapd deadbeef easytag esound espeak fluidsynth gimmix gmpc gnomad2 gqmpeg grip gtkpod herrie hgd hydrogen jack libao libcanberra libcdaudio libcddb libcdio liblo libmikmod libmp3splt libmpd libmpdclient libnjb libsndfile libworkman lmms midish mikmod milkytracker mp3blaster mp3splt mp3splt-gtk mpc mpd mpd mpdscribble mpg123 mpg321 mt-daapd multimux mumble ncmpc nosefart openal opennap opus-tools p5-Audio-Scan pianobar pms pulseaudio py-vorbis rioutil rplay rtunes schismtracker shell-fm soundtracker sox speech-dispatcher speex streamripper swh-plugins tagtool teknap timidity twolame umurmur vagalume vorbis-tools vorbisgain wmmp wmmp3 wmtune wmtune xhippo xmms-mad xmms-sid xmms2 xmms2-scrobbler xmp blogbench bonnie++ httperf netperf siege sysbench sysbench sysbench nutdb geda-gaf gerbv gtkwave kicad ngspice pcb xcircuit amtterm birda c3270 conserver efax fldigi gnokii hamlib hylafax hylafax jpilot lcdproc minicom obexftp owx picocom pilot-link scmxx smstools tlf wy60 xastir libdvdcss libpst libunistring p5-Convert-UUlib p5-JSON-XS p5-Unicode-LineBreak pflogx ripmime wv2 apache-couchdb dbic++ evolution-data-server freetds gnats gq iodbc kyotocabinet leveldb libdbi libdbi-drivers luadbi luadbi mysql openldap openldap openldap23 p5-DBD-Pg pg_statsinfo pg_top pgadmin3 pgbouncer pgpool postgresql postgresql-odbc postgresql-plv8 py-ldap redis repmgr ruby-amalgalite ruby-bdb ruby-do_postgres ruby-do_postgres ruby-mysql ruby-mysql strigi tdb virtuoso xapian-core ORBit2 atlas autogen avrdude bzr ccrtp cflow cgdb check chmlib cmockery codeblocks commoncpp cppcheck cscope cunit cvslock cvsps darcs dotconf doxygen doxygen droplet erl-ejson erl-jiffy flex gdb geany gettext gflags git glib2 glog gmp gpatch gtest gwenhywfar harfbuzz imake json-c lam libast libaudiofile libclog libconfig libdaemon libdvdread libee libgtop2 libhid libio libivykis libixp libmagic libmemcached libmtp liboil libplist libsoup libspectrum libusb-compat libusb1 libxsvf libyajl llvm log4c lua-cjson lua-cjson m4 mcs mowgli mspdebug mysql++ nasm ninja ocaml-pcre omake opencm openmpi openocd orc p5-Devel-NYTProf physfs protobuf protobuf-c py-gobject py-gobject3 py-gobject3 py-radix py-setproctitle py-setproctitle pygame pysvn readline remake ruby-home_run ruby-kgio ruby-ncurses sdl sdl-sound sfio simulavr sparsehash splint srecord startup-notification subversion tclcl tla varconf vte vte3 abiword dhex emacs emacs emacs fte gummi hnb ht ht joe ldapvi nvi nvi nvi-m17n nvi-m17n scite se zile drgeo verbiste BasiliskII bochs bochs coldfire desmume dgen-sdl dgen-sdl dosbox dynamips fceux frodo fs-uae fuse fuse-utils gxemul mednafen nestopia openmsx qemu sdlmame sdlmess snes9x stella vbam xnp2 abuse afternoonstalker armagetronad barrage batrachians blobby blobwars burgerspace bzflag capitan-sevilla chocolate-doom chroma clines clonekeen corewars cosmosmash crossfire-client csmash dangerdeep defendguin dungeon-crawl eboard eduke32 egoboo einstein eliot enigma extremetuxracer f1spirit freedroidrpg frozen-bubble gargoyle glsfcave grhino gtetrinet hex-a-hop icebreaker irrlamb kobodeluxe kobodeluxe late lbreakout2 lincity-ng manaplus meandmyshadow micropolis minetest moonlander moonlander netris numptyphysics oilwar openarena opensonic openttd openxcom pingus pioneers pokerth prboom prboom-plus pushover qstat quake2 roadfighter scorched3d scummvm scummvm-tools snipe2d spacezero spatial speeddreams stepmania stone-soup stone-soup sudognu sudoku-solver supertux supertuxkart teeworlds toppler tutris tuxpaint tuxpaint-config uqm vodovod warmux warzone2100 wesnoth wesnoth widelands wmtictactoe wordwarvi xboard xboing xcowsay xgalaga-sdl xkobo xkobo xmoto xsoldier gdal geos gpsbabel osm2go postgis qgis viking amide aqsis argyll asymptote babl blender cairo colord darktable dcraw dmtx-utils dpic dumpmpeg exiftran exiv2 feh ffmpeg fswebcam gegl geomview gfract giflib gphoto2 gpicview grap gtkam hugin imlib inkscape jasper jbig2dec jhead jpeg lcms lcms2 lensfun leptonica libcaca libdmtx libexif libgexiv2 libgphoto2 libiptcdata libkexiv2 libpano13 libqrencode libraw libvidcap luvcview mandelbulber mhgui mscgen netpbm node-canvas opencv openimageio p5-GD p5-Image-EXIF p5-Imager povray py-matplotlib qiv quesoglc rawstudio ruby-rmagick s10sh sane-backends scrot simgear sxiv tesseract tgif tiff tkimg ufraw vcdimager videod wmgrabimage wmphoto xfig xsane xsane zbar anthy ibus scim scim-hangul scim-pinyin uim uim-chewing canna kinput2 kinput2 kinput2 jlint hanterm-xf classpath eltclsh gawk gfortran ghc hugs io iverilog jamvm jimtcl librep libv8 mono newlisp node obc open-cobol parrot pcc petite-chez racket rubinius sbcl swi-prolog tinyscheme unicon abook akpop3d alpine altermime avenger avenger bmf bogofilter bogofilter bogofilter bogofilter clamsmtp claws-mail claws-mail courier-authlib courier-imap cue cyrus-imapd cyrus-imapd dkim-milter dspam dspam dspam dspam evolution evolution-ews exim exim exim exim exim fetchmail hashcash hypermail hypermail imapfilter imapproxy ldapvacation libetpan libspf2 lumail maildrop mew milter-checkrcpt milter-greylist milter-regex milter-spamd mimedefang mini_sendmail mixmaster mlmmj msmtp nmh nmh nmzmail osbf-lua osbf-lua perdition s-nail smsmail smtp-vilter smtp-vilter smtpclient solid-pop3d solid-pop3d sympa teapop tkrat wmbiff wmmultipop3 wmpop3 R calc calcoo fftw3 fftw3 foma freemat galculator gnumeric gnuplot gnuplot kst libqalculate mathomatic mcl py-numpy sc udunits wcalc wmcalc amanda brltty cdrdao cdrdao findutils geekcode gnuwatch gpsd lifelines magicpoint memcached most openbabel randtype redshift rlwrap srcpd supercat uniutils wmmand wordnet xcdroast zzuf dvdauthor dvdbackup dvdstyler ffmpeg2theora imagination k3b libdv libdvdnav libmms libmp4v2 libquicktime libvpx lives lsdvd mediatomb ming minidlna mjpegtools mjpegtools mkvtoolnix mkvtoolnix oggz ogmrip p5-Storable-AMF subrip subtitleripper swfmill swftools transcode vitunes x264 xine-lib xine-ui yle-dl GeoIP adsuck aget aguri aiccu amsn amule angst ap-utils argus argus-clients arp-scan arpcatch arpd arping avahi avahi avahi axel balance bro btpd bwm-ng cadaver centerim cgo climm cnupm crawl cvsync daq darkstat dclib dictd dnsmasq dnstop dsocks ekg epic4 etherape ettercap ettercap ez-ipupdate ezstream farstream filezilla flow-tools flowd flvstreamer fmirror fping freetalk ftpsesame gopher gophernicus gotthard haproxy honeyd icb icbirc icecast ices ices2 ifmcstat ifstat iftop igmpproxy ii ike-scan inadyn iodine ipcad iperf ipfm iplog ipv6calc ircII ircd-hybrid ircd-ratbox irssi irssi irssi-icb irssi-silc isc-bind isc-dhcp jabberd jabberd jftpgw jnettop kismet kissd ktorrent ladvd ldistfp lftp libbgpdump libdnet libgadu libircclient libktorrent liboauth libpcapnav librsync libshout libtorrent libupnp livemedia lldpd mcabber microblog-purple mosh mrtd mrtg mtr mtr mutella nbtscan ncftp nemesis nepenthes nepim netatalk netbsd-iscsi-target nfdump ngircd nmap ns nsping ntp nylon ocsync oidentd olsrd onioncat opal openconnect openmdns openvmps ortp owamp p5-Net-DBus packit pavuk pavuk pchar pdnsd pen pfstat pidgin pidgin pidgin-icb pidgin-tlen pktstat plushs pmacct pop3gwd poptop pork powerdns pptp proxy-suite psi pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd putty py-pcapy quagga radiusd-lucent rbldnsd retroshare rrdtool rsync rsync rtmpdump rtorrent ruby-eventmachine samba samba samba scamper si silc-client silc-server silc-server sipcalc sipsak slurm snort socat softflowd spectrum spectrum-tools sslh synergy tcludp tcpflow tcpreen tcpreplay tcpstat tcptrace thcrut tn5250 tor torsocks totd transmission trickle unbound unworkable ushare valknut vnstat vsftpd weechat wget wide-dhcpv6 winexe wmifinfo wmnet xchat xl2tpd xmlrpc-c xmlrpc-epi xorp xprobe yersinia ysmv7 ziproxy znc zsync leafnode pan slrn tin yencode sam w9wm apvlv cups cups-filters fontforge foomatic-filters gtklp gutenprint gv htmldoc lilypond lss mpage poppler poppler splix aqbanking calcurse gnucash sunbird taskwarrior workrave aide aircrack-ng amap antisniff arirang assl bfbtester bsd-airtools ccid cfs chntpw clamav cracklib ctunnel cvechecker cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 dante dsniff dsniff erl-bcrypt fragroute fragrouter gnupg gnupg gnupg2 gnutls gpgme hlfl hydra ikeman ipguard jailkit kc klaxon libassuan libgcrypt libgsasl libotr libpwquality libssh libssh2 libtasn1 mcrypt netpgp node-bcrypt nss oath-toolkit openpam opensc ophcrack otpcalc outguess p11-kit p5-Net_SSLeay pcsc-lite pinentry pwsafe pwsafe py-bcrypt py-crack py-pykpass scanlogd scanssh sentinel siphon smbsniff ssh-ldap-helper sshguard sshguard stegdetect stunnel tempwatch towitoko vomit vpnc wpa_supplicant xca zebedee zkt bash nsh osh anacron apachetop apcupsd augeas autossh bacula bacula bacula bubblemon-dockapp cfengine clusterit clusterit colorls conky conky conky conky conky consolekit coreutils cyphertite dcfldd ddrescue detox diskrescue downtimed dwdiff e2fsprogs eventlog faubackup freeipmi fsstress gamin gource gpioflicker hot-babe hotplug-diskmount iogen ipmitool librelp libstatgrab libvirt logfmon login_ldap login_oath logstalgia lsof modlogan monit mtools multitail multitime ncdu ntfs-3g openpoppassd p5-Sys-Virt pciutils pftop pv radmind rancid rsyslog shmux sleuthkit smartmontools symon syslog-ng tabled testdisk toad toprump torture tpb tray-app upsd uptimed usbutils vifm whowatch wmwlmon xjobs xstatbar xuvmstat ykpers astmanproxy iaxclient iaxmodem libosip2 pjsua siproxd sofia-sip spandsp TclXML calibre clucene diction eruby exempi gdiff gnuvd groff highlight libical liblrdf libnxml libxml libxmlsd libxslt link-grammar mupdf mxml namazu p5-Template p5-Text-Tmpl pinfo raptor rarian rasqal redland ruby-redcarpet ruby-redcarpet ruby-redcarpet sablotron sphinx sphinx tinyxml tre uncrustify urlview urlview wdiff xxdiff zoem ap2-mod_jk aria2 bozohttpd cgit chromium chromium clearsilver cntlm dansguardian dillo elinks ffproxy goaccess haserl haserl haserl haserl havp hiawatha http_load http_ping junkbuster larbin lighttpd lighttpd lighttpd lighttpd links+ links+ mod_auth_bsd mod_auth_kerb mod_auth_pgsql mod_jk mod_ldapvhost mod_mp3 mod_mp3 mod_ruby mongrel2 mozplugger newsbeuter nostromo opengroupware polipo pound privoxy ruby-passenger ruby-passenger ruby-unicorn sarg sarg snownews sope spawn-fcgi squidclamav sthttpd surf tinyproxy varnish visitors webalizer webkit webkit wml xapian-omega xombrero aewm afterstep awesome bbpager dbus dclock dmenu driftnet dwm e16keyedit echinus enlightenment eterm eterm evilwm fbpanel fltk fluxbox freerdp fsv gaia golem gtk+2 gtk+3 gtk-vnc i3 i3status icewm ion irrlicht isomaster jwm libfm mlterm mowitz mplayer mrxvt mterm netwmpager nitrogen ogle ogle_gui ogre openmotif oroborus pbrowser pcmanfm pinot pwm rdesktop remmina rendercheck rxvt-unicode sawfish skippy slim spectrwm spice-gtk st stalonetray tabbed tint tkhtml treewm vlc windowlab windowmaker wm2 wmcalclock wmclockmon wmfishtime wmthemeinstall wmtz wmx x11vnc xbindkeys xcb xfe xforms xloadimage xplanet xrestop xscreensaver xsel xsnow xwrits Finally, I would like to take this opportunity to remind everyone of this piece from the strlcpy(3) manual page found at http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy [...] RETURN VALUES Besides quibbles over the return type (size_t versus int) and signal handler safety (snprintf(3) is not entirely safe on some systems), the following two are equivalent: n = strlcpy(dst, src, len); n = snprintf(dst, len, "%s", src); Like snprintf(3), the strlcpy() and strlcat() functions return the total length of the string they tried to create. For strlcpy() that means the length of src. For strlcat() that means the initial length of dst plus the length of src. [...] snprintf, strlcpy, and strlcat are used in exactly the same way. Using .o file symbols like above does not prove to us whether people are using the APIs in the most careful way -- that would require a source code inspection. But to provide an example, bind9 contains 114 uses of snprintf which don't check the return value to spot truncation, with code like the following char buf[DNS_NAME_FORMATSIZE + sizeof(": TSIG ''")]; [...] char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(&zone->tsigkey->name, namebuf, sizeof(namebuf)); snprintf(buf, sizeof(buf), ": TSIG '%s'", namebuf); Fine, maybe it is safe, of the "it has been audited, and next time someone is here, they will audit it again". I also don't have time to verify this or the 113 other cases, nor is it my job. I bring this up to ask why strlcpy/strlcat are being held to some arbitrary standard that they should handle truncation better .. when it is the case that it is handling it JUST LIKE the commonplace snprintf API. Right here in mainstream code, we see that snprintf's return is not being handled, against best practice taught everywhere. Should snprintf call abort? That's ridiculous. Should it crash? What should it do? The fact that no other function of that sort has ever made it into the mainstream perhaps shows the arguments are weak. If something is better, take some real software and fix it. To upstream authors of software who are using the functions: please continue incorporating more of them into your software, because it is good for the users of your software. Please check the return values to spot truncation as described the manual page, and properly handle that condition in the best way you can based on the location of the call. Thanks! [prev in list] [next in list] [ prev in thread ] [ next in thread ]