
List:       openbsd-tech
Subject:    On the matter of strlcpy/strlcat acceptance by industry
From:       deraadt () cvs ! openbsd ! org
Date:       2013-12-18 4:01:16
Message-ID: 201312180401.rBI41GET031793 () cvs ! openbsd ! org

From time to time, there are people who say that strlcpy and strlcat
are stupid.

This is a little frustrating because we just want developers to have
an easier time writing/auditing string code to avoid overflows and
truncations, especially considering so many standard C APIs require
fixed length strings or have other limits, and will in the foreseeable
future.

You probably all know about the mainstream users of these functions,
like the Linux kernel, or MacOS, or the other BSD's, and Solaris.  But
there are many, many more, and it is time to show the global
strlcpy'ing deniers the reality.

I've collected some statistics to see how much upstream software use
these functions.

I asked Stuart Henderson to collect a "recursive nm .o" for every
piece of software built in our ports tree.  It's roughly 2GB of
text output.

For those who don't know, that ports tree is basically a repository of
all the application software we supply as an add-on on top of the base
operating system.  Each of those becomes a package, so that is what we
are looking at.  They are pretty much the bulk of the commonly-used
Unix applications found on all systems.

These packages do not generally include things like openssh, perl, or
X11, sqlite, or a number of other small things directly integrated
into the OpenBSD base.  But that's OK, because those I just mentioned
do use strlcpy and strlcat in their upstream repositories.

So 3535 packages contain .o files, and now we can grep to see what
they define or use.

In essence, a piece of software will likely fall into one of these
categories:

    (0) Not use the functions at all.
    (1) Will assume that the system has the functions in libc.
    (2) Will have a configure-style "feature-test" which tests if libc
        contains the functions, and thus turn on a cpp symbol such as
        HAS_STRLCPY, then use the libc version.  Otherwise it will
        avoid using them...
    (3) More commonly, if the feature-test fails, it will substitute
        copies from its own tree.  Essentially to cope with glibc.
    (4) Some software contain their own version, typically copied
        from us, but renamed.  There are many of these.

Let's look at these cases backwards, for reasons that become obvious
as we move ahead.

(4) Who is defining their own versions of the functions, with slightly
    different names?  The obvious names we find are:

	SDL_strlcpy		SDL_utf8strlcpy		_iodbcdm_strlcpy
	_strlcpy		ascii_safe_strlcpy	av_strlcpy
	cli_strlcpy		dt_utf8_strlcpy		fc_strlcpy
	fl_strlcpy		flac__strlcpy		fz_strlcpy
	g_strlcpy		hd_strlcpy		isc_string_strlcpy
	lg_strlcpy		llvm_strlcpy		loud_strlcpy
	mcs_strlcpy		mg_strlcpy		monoeg_g_strlcpy
	mowgli_strlcpy		my_strlcpy		mystrlcpy
	os_strlcpy		pa_strlcpy		rb_strlcpy
	sg_strlcpy		sl_strlcpy		sm_strlcpy
	test_evutil_strlcpy	test_strlcpy		tr_strlcpy
	ut_strlcpy		utf8_strlcpy		uv_strlcpy
	vi_strlcpy		xstrlcpy		zbx_strlcpy

	SDL_strlcat		SDL_strlcpy		_iodbcdm_strlcat
	av_strlcat		fc_strlcat		fl_strlcat
	flac__strlcat		fz_strlcat		g_strlcat
	hd_strlcat		isc_string_strlcat	ixp_strlcat
	mcs_strlcat		mowgli_strlcat		mystrlcat
	rb_strlcat		sg_strlcat		sl_strlcat
	sm_strlcat		ssh_strlcat		uv_strlcat
	vi_strlcat		wmii_strlcat		xstrlcat
	zbx_strlcat

    Replacement copies seem to be quite popular.  Some of the names
    hint at who is doing this, but we can search by these functions to
    see which packages are defining them:

	bogofilter bro clamav cntlm cups-filters darktable dkim-milter
	ffmpeg flac fltk freeciv fte glib2 gtk-gnutella htmldoc iodbc
	ircd-ratbox isc-bind isc-dhcp ksh93 leafnode libixp libstatgrab
	link-grammar linkchecker llvm mathomatic mcs mono mowgli mupdf
	mysql node pmacct postgresql pulseaudio rlwrap samhain sdl2
	tcpreplay transmission visitors wmii wpa_supplicant xfe xpilot
	zabbix

    So 73 (2% of 3535) packages define either of these for themselves
    under a new name.  This may seem like a small list, but look, it
    contains monsters like glib2, postgresql, and mysql.  In particular,
    those monsters contain libraries...  this will become more obvious a
    bit further on.

(3) What about software which substitutes their own, when they don't
    find ours?  This is harder to determine in the OpenBSD ports tree
    because our libc functions will always be found.  However, we can
    see if any ports sloppily compile their own versions, even though
    we have it...

	databases/pgpool: T strlcpy
	devel/p5-File-RsyncP: T strlcpy
	devel/py-setproctitle: T strlcpy
	editors/fte: T strlcpy
	games/oolite: T strlcpy
	games/stone-soup: T strlcpy
	games/xpilot: T strlcpy
	mail/akpop3d: T strlcpy
	net/bro: T strlcpy
	net/tcpreplay: T strlcpy
	shells/ksh93: T strlcpy
	www/cntlm: T strlcpy
	www/linkchecker: T strlcpy
	x11/xfe: T strlcpy

	editors/fte: T strlcat
	games/xpilot: T strlcat
	net/bro: T strlcat
	net/pmacct: T strlcat
	net/tcpreplay: T strlcat
	shells/ksh93: T strlcat
	www/cntlm: T strlcat
	www/linkchecker: T strlcat
	x11/xfe: T strlcat

    This was rather unexpected.   These software teams have decided to
    simply use the same name, for (hopefully) the same functionality.

(2) Regarding code which uses a feature test to find if the functions
    exist and, having not found them, avoids them: we cannot test for
    that using the "symbol table" method.  A test would need to be run
    on a system without the functions in libc.  That test cannot be
    run on a BSD, MacOS, or Solaris...
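The classification above can be automated over the "port: T symbol" lines that
the nm dump produces. The following script is an added example, not part of the
original mail or of any OpenBSD ports tooling: it parses lines in that shape from
a small constructed sample (not the real 2GB dump), tags each port with the
categories it falls into ((4) defines a renamed copy, (3) defines the canonical
name itself, (1) uses libc's or another library's copy, (0) uses none), records
which classic unsafe calls the (0) packages still make, and reports counts as
"N (P% of total)" the way the mail does. Category (2) is deliberately absent,
since a symbol table on a system whose libc has the functions cannot reveal it.
The port names in the sample are invented for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (hypothetical ports, not the real dump): one
# "port: TYPE symbol" line per symbol, in the shape the mail shows
# ("databases/pgpool: T strlcpy").  T = defined in the package's own
# .o files, U = undefined, i.e. resolved from libc or another library.
SAMPLE_NM = """\
databases/pgpool: T strlcpy
databases/pgpool: U strcpy
devel/glib2: T g_strlcpy
devel/glib2: T g_strlcat
devel/glib2: U strcpy
net/nmap: U strlcpy
net/nmap: U strcpy
sysutils/symon: U strlcpy
sysutils/symon: U strlcat
lang/oldtool: U strcpy
lang/oldtool: U gets
audio/player: U g_strlcpy
editors/tidy: U memcpy
"""

# Matches strlcpy/strlcat and renamed copies such as g_strlcpy, SDL_strlcat,
# mystrlcpy; an empty prefix means the canonical libc name.
STRL = re.compile(r'^(?P<prefix>\w*?)strl(?P<fn>cpy|cat)$')
UNSAFE = {'strcpy', 'strcat', 'sprintf', 'gets'}


def parse_nm(text):
    """Return (port, symtype, name) tuples from 'port: T name' lines.

    Malformed lines are skipped rather than aborting the whole scan.
    """
    records = []
    for line in text.splitlines():
        m = re.match(r'^(\S+):\s+([A-Za-z])\s+(\S+)$', line)
        if m:
            records.append((m.group(1), m.group(2), m.group(3)))
    return records


def classify(records):
    """Tag each port with the mail's categories; also collect unsafe calls.

    defines-renamed   (4) T prefix_strlcpy / prefix_strlcat
    defines-canonical (3) T strlcpy / strlcat despite libc providing them
    uses-libc         (1) U strlcpy / strlcat
    uses-private      (1) U prefix_strlcpy / prefix_strlcat
    none              (0) none of the above
    A port may carry several tags, as the overlapping lists in the mail show.
    """
    tags = defaultdict(set)
    unsafe = defaultdict(set)
    for port, symtype, name in records:
        tags[port]  # make sure every port appears even if nothing matches
        m = STRL.match(name)
        if m:
            renamed = bool(m.group('prefix'))
            if symtype == 'T':
                tags[port].add('defines-renamed' if renamed else 'defines-canonical')
            elif symtype == 'U':
                tags[port].add('uses-private' if renamed else 'uses-libc')
        elif symtype == 'U' and name in UNSAFE:
            unsafe[port].add(name)
    for port in tags:
        if not tags[port]:
            tags[port].add('none')
    return dict(tags), dict(unsafe)


def summarize(tags, total):
    """Count ports per tag and give (count, rounded percent of total)."""
    counts = defaultdict(int)
    for port_tags in tags.values():
        for t in port_tags:
            counts[t] += 1
    return {t: (n, round(100 * n / total)) for t, n in counts.items()}


if __name__ == '__main__':
    tags, unsafe = classify(parse_nm(SAMPLE_NM))
    for tag, (n, pct) in sorted(summarize(tags, len(tags)).items()):
        print(f"{tag}: {n} ({pct}% of {len(tags)})")
    for port, calls in sorted(unsafe.items()):
        print(f"{port} still calls: {', '.join(sorted(calls))}")
```

Run against a real dump, the input would be the output of `nm` over every .o
joined with its port name; the script only assumes the "port: T symbol" line
shape shown in the mail, so symbols of other types (D, B, W and so on) are
parsed but ignored by the classifier.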

(1) The question of which ports use the functions in libc should really
    be split into two questions.  How many use our functions
    (strlcpy and strlcat)?  How many use the renamed functions
    (for instance, g_strlcpy from glib, isc_string_strlcpy, etc.)?

    The following 254 (7% of 3535) packages use our strlcpy:

	GraphicsMagick Wnn adsuck aircrack-ng akpop3d anacron angst apcd argus
	arp-scan asclock assl aucatctl autogen avahi bitlbee bogofilter bro
	bwm-ng canna ccid cdrtools cfengine cfs cgit cgo clamsmtp clearsilver
	cntlm cnupm colorls conserver crawl cue cups cyphertite cyrus-imapd
	cyrus-sasl2 darkstat dcmtk dictd diskrescue dnscrypt-proxy dnsfilter
	dsniff dsocks dspam dtach dvdbackup ekg eltclsh epic4 ettercap exiv2
	ezstream fdm femail fetchmail fldigi flowd fltk foomatic-filters
	fragroute freeciv freetds fsstress fte ftpsesame g77 garmin-utils
	gettext git glib2 gnats gophernicus gpioflicker gpsd grace gxemul hoc
	honeyd hotplug-diskmount hping i3status icbirc igmpproxy ikeman iogen
	ipfm ipguard ircd-hybrid ircd-ratbox irssi-silc isc-bind isc-dhcp jack
	jasper jpeg junkbuster kc kicad kinput2 kismet kissd ksh93 kst ladvd
	ldapvacation leafnode libclog libdnet libevent2 libeventextra
	libexecinfo libiconv libmagic libtar libworkman lldpd logfmon
	login_oath mc mcrypt metamail milter-checkrcpt milter-regex
	milter-spamd mod_auth_bsd mod_auth_mysql mono mpage natpmpd nemesis
	netatalk netbsd-iscsi-target netfwd ngircd nmap nostromo nsh nsping
	nvi nylon onioncat oolite openmdns openpam opensc openvpn-auth-ldap
	openvpn_bsdauth p5-File-RsyncP p5-IO-Tty p5-Image-EXIF
	p5-Proc-ProcessTable parse pbrowser pcc pcsc-lite pdnsd perdition
	pfstat pftop pg_statsinfo pgbouncer pgpool phoon pktstat pmacct
	pop3gwd poptop postgresql postgresql-plv8 pptp privoxy procmail pwsafe
	py-openbsd py-setproctitle quagga radiusd-lucent relaydb rlwrap rsync
	rtunes rzip samba sc scanssh sdl sdl2 shmux smsmail smtp-benchmark
	smtp-vilter smtpclient snort softflowd spatial spectrwm
	ssh-ldap-helper stegdetect stone-soup sudognu sudoku-solver symon
	tabled tcpreplay tcpslice teknap tiff tinyproxy tkrat toprump tor
	torture totd transcode transmission tray-app trickle uim umurmur
	unworkable vlc vomit vpnc warzone2100 webalizer wide-dhcpv6 winexe wm2
	wmcalc wmcalclock wmgrabimage wmifinfo wminfo wmmoonclock wmmp3
	wmphoto wmpop3 wmspaceweather wmtimer wmtune wmwlmon xboing xfe
	xine-ui xmms xombrero xorp xpilot xwrits xxdiff zoo

    The following 158 (4% of 3535) packages use our strlcat:

	GraphicsMagick Wnn anacron angst argus-clients arp-scan arpd asclock
	assl bogofilter bro cfengine clamsmtp clearsilver cntlm cnupm crawl
	cue cups cyphertite cyrus-imapd cyrus-sasl2 darkstat dcmtk dfc dsniff
	dspam ekg eltclsh epic4 ettercap ezstream fdm fetchmail flowd fltk
	foomatic-filters fragroute freeciv fsstress fte ftpsesame g77 gettext
	glib2 gnats gophernicus gpsd grace gxemul honeyd hotplug-diskmount
	hping ikeman ircd-hybrid ircd-ratbox isc-bind isc-dhcp jasper jpeg
	junkbuster kc kinput2 kst ldapvacation libbgpdump libdnet libiconv
	libmagic libworkman libxmlsd linkchecker logfmon mc milter-greylist
	milter-regex milter-spamd mpage mt-daapd nbfc nemesis netatalk netcdf
	netfwd ngircd nostromo nsh nylon onioncat openmdns openpam opensc
	p5-Devel-NYTProf p5-Image-EXIF p5-Proc-ProcessTable parse pbrowser pcc
	pcsc-lite pfe pg_statsinfo pg_top phoon pop3gwd postgresql privoxy
	procmail psdim pwsafe quagga radiusd-lucent relaydb rlwrap rsync
	rtunes rzip samba sc scanssh scrot sdl2 smsmail smtp-benchmark
	smtp-vilter snort softflowd spectrwm ssh-ldap-helper stegdetect
	sudognu symon tabled tcpreplay teknap tkrat toprump tor totd transcode
	tray-app tree trickle uim unworkable vomit vpnc warzone2100
	wide-dhcpv6 winexe wm2 wmcalc wminfo wmmp3 wmtune xine-ui xombrero
	xpilot xwrits

    The following 326 (9% of 3535) packages use another library's
    private *strlcpy function:

	GraphicsMagick Wnn adsuck aircrack-ng akpop3d anacron angst apcd
	apcupsd argus arp-scan asclock assl aucatctl audacious
	audacious-plugins autogen avahi bitlbee bogofilter bro bwm-ng canna
	ccid cdrtools cfengine cfs cgit cgo chromium clamav clamsmtp
	claws-mail clearsilver cntlm cnupm colorls conserver crack-attack
	crawl cue cups cups-pk-helper cyphertite cyrus-imapd cyrus-sasl2
	darkstat darktable dcmtk dictd diskrescue dkim-milter dnscrypt-proxy
	dnsfilter dsniff dsocks dspam dtach dvdbackup dvdstyler eboard ekg
	eltclsh emelfm2 epic4 ettercap evolution evolution-data-server exiv2
	ezstream fdm femail fetchmail ffmpeg flac fldigi flowd fltk
	foomatic-filters fragroute freeciv freetds fsstress fte ftpsesame g77
	garmin-utils gcompris geany gecko-mediaplayer gentoo gettext gigolo
	git glib2 gmfsk gnats gnome-mplayer gnumeric gophernicus gpioflicker
	gpsd grace gtk-gnutella gxemul hoc honeyd hotplug-diskmount hping
	htmldoc i3status icbirc igmpproxy ikeman inkscape iodbc iogen ipfm
	ipguard ircd-hybrid ircd-ratbox irssi-silc isc-bind isc-dhcp jack
	jasper jnettop jpeg jpilot junkbuster kanatest kc kicad kinput2 kismet
	kissd ksh93 kst ladvd ldapvacation leafnode libclog libdnet libevent2
	libeventextra libexecinfo libgtop2 libiconv liblqr libmagic libnice
	libsexy libstatgrab libtar libvirt-glib libworkman link-grammar lldpd
	llvm logfmon login_oath logjam mathomatic mc mcrypt mcs metamail
	milter-checkrcpt milter-regex milter-spamd mod_auth_bsd mod_auth_mysql
	mono mowgli mpage mpd mplayer mupdf mysql natpmpd ncmpc nemesis
	netatalk netbsd-iscsi-target netfwd ngircd nmap node nostromo nsh
	nsping nvi nylon onioncat oolite openmdns openpam opensc
	openvpn-auth-ldap openvpn_bsdauth osmo p5-File-RsyncP p5-IO-Tty
	p5-Image-EXIF p5-Proc-ProcessTable pan parcellite parse pbrowser pcc
	pcsc-lite pdnsd perdition pfstat pftop pg_statsinfo pgbouncer pgpool
	phoon pidgin pktstat pmacct pop3gwd poptop postgresql postgresql-plv8
	pptp privoxy procmail pulseaudio pwsafe py-openbsd py-setproctitle
	qemu quagga radiusd-lucent rawstudio relaydb remmina rhythmbox rlwrap
	rsync rtunes rzip samba samhain sc scanssh scmpc sdl sdl2 sdl2-ttf
	shmux smsmail smtp-benchmark smtp-vilter smtpclient snort softflowd
	spatial spectrwm ssh-ldap-helper stegdetect stone-soup streamripper
	sudognu sudoku-solver symon syslog-ng tabled tcpreplay tcpslice teknap
	tiff tinyproxy tkrat toprump tor torture totd transcode transmission
	tray-app trickle ufraw uim umurmur unworkable viking vlc vomit vpnc
	warzone2100 webalizer wide-dhcpv6 winexe wm2 wmcalc wmcalclock
	wmgrabimage wmifinfo wminfo wmmoonclock wmmp3 wmphoto wmpop3
	wmspaceweather wmtimer wmtune wmwlmon wpa_supplicant xboing xfe
	xine-ui xmms xmms2 xnp2 xombrero xorp xournal xpilot xwrits xxdiff
	yabause zabbix zoo

    The following 35 (1% of 3535) packages use another library's private
    *strlcat function:

	bitlbee chromium darktable dkim-milter eboard ffmpeg flac freeciv
	gcompris gecko-mediaplayer gmtk gnome-mplayer gtk-gnutella gtkpod
	htmldoc inkscape iodbc ircd-ratbox jnettop libstatgrab mcs mplayer
	mupdf ncmpc osmo pidgin qemu rlwrap samhain scmpc ufraw uim wmii xmms2
	zabbix

(0) Finally, we should answer the question about who is not using these
    functions or variants.  Let us keep the answer really simple.

    The following 1808 (51% of 3535) packages use strcpy:

	9libs BasiliskII DevIL GeoIP GraphicsMagick ImageMagick ORBit2 R STk
	TclXML Wnn Xaw3d XawMu Xdialog a2ps abclock abiword abook abs abuse
	acpica adns aescrypt afterstep agg agm agrep aide ald allegro alpine
	altermime amanda amap amarok amide amiwm amph amsn amtterm amule
	anacron analog angband angband angband animorph anthy antiword
	ap-utils ap2-mod_fastcgi ap2-mod_jk apache-httpd apr apr-util apr-util
	aqbanking aqsis aqualung arc ardour arena argus-clients argyll
	arpcatch arpwatch asapm ascd asclock asfiles asmail asp2php asp2php
	astime astmanproxy astrolog asymptote atomicparsley aubio audacious
	audacious-plugins audacity augeas autogen autopano-sift-c avenger
	avenger avinfo avrdude axe axel babl bacula bacula bacula balance
	barcode bash beav beaver beret bfbtester bible-kjv bibview bird bird
	birda bison bitlbee bitlbee bitlbee bitlbee bladeenc blender blobby
	blockrage bluefish bochs bochs boehm-gc bogofilter bomberclone
	bonnie++ boost boswars bouml bounix bozohttpd bricons brltty bro
	bsd-airtools bulk_mailer bvi bzflag bzip2 c2t c3270 cabextract cadaver
	cairo cal3d calc calcoo calibre canna capitan-sevilla catdoc catdoc
	ccextractor ccrypt ccze cdk cdparanoia cdrdao cdrdao cdrtools celestia
	centerim cfdg cfengine cfitsio cflow cfs cftp cgal cgdb cgiparse cgit
	cgoban chbg check chicken chipmunk chmlib chntpw chocolate-doom choria
	chroma chromium chromium chromium-bsu clamav clamsmtp clamz classpath
	claws-mail claws-mail clearsilver clementine cless clex climm clisp
	clive clonekeen clucene clusterit clusterit cmake cmu-sphinx3
	cmu-sphinxbase cntlm codeblocks codeworker coldfire colortail
	commoncpp compface conky conky conky conky conky connect4 cook
	cooledit cooledit coreutils corewars courier-authlib courier-imap
	cqcam crack-attack cracklib crimson cronolog crossfire-client crxvt
	cryptcat cscope ctm ctunnel ctwm cucipop cunit cups-filters curl
	cutils cvechecker cvsgraph cvsps cvstrac cyrus-imapd cyrus-imapd
	cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 daapd
	dangerdeep dansguardian dante darktable dash dbh dbus dbus-tcl dclock
	dcmtk dcraw ddd deadbeef deco desmume detex detox dgen-sdl dgen-sdl
	dia dialog dictd diction diffstat digikam digitemp dillo discount
	djview4 djvulibre dmenu dnscrypt-proxy dnsmasq dnstracer doc++
	docbook-to-man docbook2x dopewars dopewars dos2unix dosbox dotconf
	doxygen doxygen dpic drac drawterm drgeo driftnet droplet dsniff
	dsniff dspam dspam dspam dspam dtcltiny dumb dumpmpeg dungeon-crawl
	dvd+rw-tools dvdauthor dvdbackup dvi2tty dwm dxpc dynamips dysnomia
	e16keyedit e2fsprogs easytag eboard ebook-tools echoping ecl ecm
	ectags eduke32 ee efax egoboo elinks elvis elvis emacs emacs emacs
	emacs21 emacs21 emboss emiclock enblend-enfuse enca enchant enigma
	enjoympeg enlightenment enscript epic4 epte eruby es esound espeak
	eterm eterm etherape ettercap ettercap evilwm evince evolution
	evolution-data-server exim exim exim exim exim exiv2 expect
	extremetuxracer ez-ipupdate f1spirit faac faad faces falconseye
	fastjar fbpanel fceux fcgi fcrackzip feh fetchmail ffmpeg
	ffmpeg2theora ffproxy fftw fftw3 fftw3 figlet filezilla findutils
	flash fldigi fleditor flex flickcurl flipit flite flow-tools fltk
	fluidsynth fluxbox fluxter flvstreamer flwm fmirror fobbit foma
	fontforge foo2zjs foobillard foomatic-filters fox fping fragroute
	fragrouter freealut freeciv freedroid freedroidrpg freedt freehdl
	freeimage freeipmi freemat freerdp freetds freeze fribidi frodo
	frogatto frotz fs-uae fsv fte fuse fvwm2 fvwm95 fxtv g77 gaia
	galculator gambatte gamgi gargoyle garmindev gawk gbdfed gcal gcompris
	gconf2 gcpio gd gdal gdb gdbm gdiff gdk-pixbuf2 geany geda-gaf gegl
	gentoo geomview geotiff gerbv gettext gforth gfortran ggrep ghc
	ghostview giblib gif2png gifsicle gimgtools gimmix gindent git glew
	glib glib2 glimpse glpk glsfcave gmake gmime gmp gmpc-plugins gmt
	gmudix gnats gnokii gnomad2 gnome-mplayer gnucap gnucash gnuchess
	gnugetopt gnugo gnumeric gnupg gnupg gnupg2 gnuplot gnuplot gnushogi
	gnutls goaccess gobject-introspection goffice goffice08 gogo golem
	golly gone gopher gpa gpatch gpgme gphoto2 gpicview gprolog gpsbabel
	gpsk31 gpstk gq grace graphviz grcs grip groff groff gsed
	gshar+gunshar gsm gtar gtar gtk+ gtk+2 gtk+3 gtk-gnutella gtkhotkey
	gtkhtml3 gtkhtml4 gtklp gtkpod gtksourceview gtkwave gtypist guile
	guilib gummi gutenprint gv gwaei gwenhywfar ha hamlib hanterm-xf
	haserl haserl haserl haserl heroes hex-a-hop hexedit hfsplus hiawatha
	hlfl hnb ht ht htmldoc hugin hugs hunspell hydra hydrogen hylafax
	hylafax hyperestraier hypermail hypermail i3 i3status iaxclient
	iaxmodem ibus icb icecast ices2 icewm icu4c id-utils id3ed id3lib
	idled iec16022 iftop ike-scan imake imapproxy imlib imlib2 inadyn
	iniparser inkscape integrit intel2gas io iodbc ion iozone ipaudit
	iperf ipmitool ipv6calc irc ircII ircd-hybrid ircd-ratbox irrlamb
	irrlicht irssi irssi irssi-silc isc-bind isc-dhcp isearch ish
	isomaster ispell itcl itk its4 ivan iverilog jabberd jabberd jack
	jailkit jam jamvm jed jed jesred jftpgw jhead jikes jlint jnettop joe
	john jove jpilot jvim jvim jvim jvim jwm k3b kaffeine kakasi kanjips
	kasumi keepassx kermit kicad kimdaba kinput2 kinput2 kinput2 kismet
	klavaro klogic knutclient kobodeluxe kobodeluxe komi krusader ksh93
	ksmp3play kst kterm kterm ktorrent l0phtcrack ladspa lam lame larbin
	larswm lasem late lbdb lbreakout2 lcdproc lcms lcms2 ldapvi leafnode
	ledger lensfun leptonica less lftp lgeneral lgrind lha libIDL libJudy
	libXp libaacs libarchive libassuan libast libaudiofile libbgpdump
	libbind libbluray libcaca libcares libcddb libcdio libchewing
	libconfig libconfuse libdbi-drivers libdnet libee libetpan libexif
	libf2c libfm libfmt libfprint libgadu libgcrypt libgdata libgphoto2
	libgpod libgsasl libhangul libical libiconv libid3tag libident libidn
	libircclient libkdcraw libksba liblo liblouis libmcrypt libmemcached
	libmikmod libmodplug libmp4v2 libmpc libmpd libmspack libmtp
	libmusicbrainz libmusicbrainz5 libnids libnipper libnjb libnxml
	liboauth libofa libofx libosip2 libotr libpano13 libpaper libplist
	libproplist libpst libpwquality libqalculate libquicktime libraw
	librelp librep libretto-config libshout libsidplay libslang libsmi
	libsoup libspectre libspf2 libssh libst libstatgrab libtabe libtar
	libtasn1 libtextcat libtool libunicode libunistring libupnp libvirt
	libvorbis libwmf libworkman libxdg-basedir libxml libzip lifelines
	liferea lighttpd lighttpd lighttpd lighttpd lincity lincity-ng
	link-grammar links links+ links+ livemedia lives lldpd lmms log4c
	logjam logpp logsurfer lostpixels loudmouth lout love lrzsz lsof lsys
	lua-lgi lua-lgi luafs luafs luajit luarexlib luasocket luasocket luna
	lxnb lz4 lzo lzo2 lzop m4 mac macutil maelstrom magicpoint maildrop
	mailman mailman mairix man2web manaplus mandelbulber mathomatic mawk
	mboxgrep mc mcabber mcrypt mcsim mecab mediatomb mednafen menu-cache
	metamail mgetty+sendfax mhash mico microblog-purple micropolis mikmod
	milkytracker milter-greylist mimedefang mimepp ming mini_sendmail
	minicom minidlna mirrormagic mixer.app mixmaster mjpegtools mjpegtools
	mk mlmmj mlterm mod_auth_ldap mod_auth_pgsql mod_fastcgi mod_jk
	mod_mp3 mod_mp3 mod_security modlogan mono monotone moon-buggy moria
	most movemail mowitz mozplugger mp3blaster mp3encode mp3gain mp3info
	mp3info mpack mpc mpeg_encode mpeg_play mpegaudio mpfr mpg123 mpg321
	mpgtx mplayer mrtd mrtg mrxvt mscore mshell msmtp mt-daapd mterm
	mtools mtr mtr mudix multimux multitail mupdf musepack mutella mxconns
	mxml mysql naken430asm nam namazu nano nap nasm nbaudit nbtscan ncdu
	ncftp neXtaw nedit neon nepenthes nepim nestopia netatalk
	netbsd-iscsi-target netcdf nethack nethack nethack netpbm netperf
	netpipe netris neverball newsfetch ngspice nmap nmh nmh nn node
	node-bcrypt node-gir node-pg normalize nosefart nqp ns nslint nslint
	nspr nss ntfs-3g ntl ntop ntp nulib nutdb nvi-m17n nvi-m17n nyancat
	oath-toolkit obc obexftp ocaml ocaml-mlgmp ocaml-net ocaml-net ocsync
	octave ode oggz ogle ogle_gui ogmrip ogmtools ogre olsrd omake omega
	onew onew onew oo2c oolite opal open-cobol openarena openbabel opencdk
	opencm openconnect opencv openexr openfst openimageio openjp2 openjpeg
	openldap openldap openldap23 openmotif openmpi openmsx opennap
	openobex openocd openpoppassd opensc openscenegraph opensonic opensp
	openvmps openvpn openvpn-auth-ldap ophcrack optipng orc oroborus ortp
	osm-gps-map osm2go osmo osrtspproxy otcl otf2bdf owamp
	p5-CGI-SpeedyCGI p5-Cairo p5-Convert-Binary-C p5-Convert-UUlib
	p5-DBD-Pg p5-DBD-SQLite2 p5-DBD-Sybase p5-DBI p5-Data-Dump-Streamer
	p5-File-MMagic-XS p5-File-RsyncP p5-HTML-Embperl p5-Image-EXIF
	p5-Imager p5-Locale-Hebrew p5-Math-Pari p5-Net-RawIP p5-Net-TCLink
	p5-Net_SSLeay p5-PadWalker p5-Quota p5-Term-ReadLine-Gnu
	p5-Text-Aspell p5-Text-Tmpl p5-Tk p5-Tk-TableMatrix p5-Wx
	p5-XML-LibXML p5-XML-SAX-ExpatXS p5-libapreq p5-libapreq2 p5-sybperl
	pan pango pangox-compat par par1cmdline par2cmdline parcellite pari
	parrot parse patchutils pavuk pavuk pcb pccts pcre pcsc-lite pcsxr
	pdflib pdmenu pen perdition pfe pg_statsinfo pg_top pgadmin3 pgp pgp5
	pgpool pgpsendmail pgtcl physfs pidgin pidgin pidgin-sipe pidgin-tlen
	piewm pilot-link pinentry pinfo pingus pioneers pjsua plan plib plor
	plplot pmacct pms pngcrush poedit polipo popclient poppassd poppler
	poppler popt poptop pork postgis postgresql postgresql-odbc potrace
	pound povray powerdns prboom prboom-plus prepop procmail proj prosody
	protobuf-c proxy-suite psi pstoedit psutils ptlib pulseaudio pure-ftpd
	pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd
	putty puzzles pwgen pwm py-Imaging py-M2Crypto py-Pillow py-apsw
	py-apsw py-cjkcodecs py-cryptkit py-gtk2 py-libpcap py-mxDateTime
	py-numpy py-openssl py-pgsql py-proj py-psycopg2 py-quixote py-scipy
	py-sip py-sqlite2 py-sybase py-vorbis py-wxPython pysvn pyusb qca2
	qcad qemu qgis qhull qiv qlandkarte qlandkartegt qpage qscintilla
	qstat qt-creator qt3 quagga quake2 qucs queryperf queso quesoglc quirc
	qvwm racket radiusd-cistron radmind ragel raptor rarian ratpoison
	rawstudio rawtherapee rc rc rc rdesktop readline recode redis redland
	remake remind remmina rep-gtk repmgr retawq rftg ri-li rlwrap
	roadfighter rocksndiamonds rocrail rox-filer roxterm rpl rplay rpm
	rrdtool rsyslog rtmpdump rtty rubinius ruby-capybara-webkit
	ruby-capybara-webkit ruby-eventmachine ruby-eventmachine
	ruby-eventmachine ruby-ldap ruby-ldap ruby-ldap ruby-passenger
	ruby-passenger ruby-rb-gsl ruby-rdiscount ruby-rdiscount
	ruby-rdiscount ruby-rmagick ruby-rmagick ruby-rmagick
	ruby-swift-db-mysql ruby-swift-db-mysql ruby-vorbis_comment
	ruby-vorbis_comment ruby-vorbis_comment rxp rxvt rxvt-unicode s10sh
	sablotron sam samdump2 samhain samhain samhain sane-backends sarg sarg
	sash sattrack sawfish sbcl sc scheme48 schismtracker scim scim-fcitx
	scintilla scite scm scm scmxx scorched3d screen screen scsh scummvm
	scummvm-tools sdd sdl-mixer sdl-sound sdl2 sdl2-mixer sdlmame sdlmess
	sdlroids sdlzombies se seed7 setquota seyon sfio sgmlformat shapelib
	sharity-light shash shash shell-fm shntool shorten shunt si siag
	sidplay siege silc-client silc-server silc-server silc-toolkit sim
	simgear simulavr sipcalc siproxd sipsak sisctrl sketch slash slash
	slash-em slash-em sliderule slim slrn smstools snes9x snipe2d snort
	snownews socat sofia-sip solid-pop3d solid-pop3d sope soundtracker
	source-highlight sox spacezero spandsp spawn-fcgi spectemu spectrum
	speech-dispatcher speeddreams sphinx sphinx spice spice-gtk spider
	spidermonkey spidermonkey spiff spim spiped splint splitvt splix
	sqlite sqlitebrowser sqsh squidclamav srcpd sshfs-fuse sshguard
	sshguard ssldump sslh ssvnc star star startup-notification stegdetect
	steghide stella stepmania sthttpd stone-soup stone-soup streamripper
	strigi strobe stunnel stuntman subrip subtitleripper subversion
	sunbird sunclock supercat supertux supertuxkart swfmill swftools
	swi-prolog swig swish-e sxiv sylpheed sympa synaesthesia synergy
	syslog-ng t1lib tacacs+ taglib tagtool tapclean tarsnap tclcl tclcurl
	tclthread tcltls tcludp tcpcat tcplist tcpreplay tcpstat tcptraceroute
	tcsh tdl teapop ted teeworlds teknap tellico tesseract testdisk
	texmaker texworks tgif thcrut the_silver_searcher tidyp tiff2png tilda
	timidity tin tintin++ tinycdb tinyfugue tinyscheme tircproxy tkdnd
	tkhtml tkimg tkrat tktable tktreectrl tla tlf tn5250 tnef toolame
	toppler tornado torsocks totd tpb tracker traditional-vi trafd
	trafshow trans transfig transmission tre treewm tremor tremor-tools
	trn tuxkart tuxpaint tvtwm tweak u9fs uae ucblogo ucpp ucspi-unix
	udunits uemacs ufraw uim unarj uncrustify unicon uniutils unrar
	unshield unzip uptimed uqm usbutils ushare uucp uwm vala varnish vbam
	vcdimager verbiste viewfax vifm viking vim vim vim vim vim vim
	virt-viewer virtuoso vislcg3 vitetris viz vlc vncsnapshot vorbis-tools
	vorbisgain vrfy vtags vteplugin vttest w3m w3m w3m w3m waimea wanderer
	warzone2100 wavpack wbox wdiff webalizer webkit webkit weechat weex
	wesnoth wesnoth wget wide-dhcp widelands wily windowlab windowmaker
	winexe wizznic wmbiff wmclockmon wmcube wmglobe wmifinfo wmii wminfo
	wmitime wml wmmail wmmenu wmmenu wmminichess wmmixer wmmp wmmp3
	wmmultipop3 wmnet wmpinboard wmthemeinstall wmtime wmtz wmx wordnet
	wterm wv wv2 www6to4 wwwcount wwwoffle wxWidgets wy60 x11vnc x264 x2x
	x3270 x48 xanim xaniroc xantfarm xaos xapian-omega xarchiver xastir
	xawtv xbae xbat xbattle xbill xbl xblast xbmbrowser xboard xboing
	xbomber xbreaky xbubble xcalib xcdroast xcept xchat xcircuit xclip xco
	xcolors xcopilot xcowsay xcubes xcursorgen xd xdaliclock xdeblock
	xdg-user-dirs xdino xdmchoose xdms xdotool xdrawchem xdtm xdu xearth
	xengine xephem xerces-c xevil xfaces xfe xfed xfig xfishtank xfm
	xforms xgalaga-sdl xgas xgrab xhomer xine-lib xine-ui xinvest xjewel
	xjig xjobs xkeycaps xkobo xkobo xl2tpd xlbiff xless xlhtml xlife
	xloadimage xlog xmahjongg xmake xmascot xmcd xmedcon xmine xminehunter
	xmix xmlrpc-c xmlrpc-epi xmlsec xmlwf xmmix xmms xmms-shn xmms-sid
	xmms-speex xmms-wavpack xmms2 xmms2-scrobbler xmoto xmris xnc xnecview
	xneko xnp2 xoris xorp xpad xpaint xpat2 xpdf xpilot xplanet xplot
	xpostit xpostitPlus xprompt xps xquote xruskb xsane xsane xscavenger
	xscorch xscrabble xscreensaver xscribble xskat xspread xtacy xtar
	xteddy xtermset xtraceroute xtrkcad xvkbd xwelltris xwelltris xwpe
	xzgv xzip yabause yafc yasm yaz yencode ykpers yle-dl yorick ytalk
	ytalk ytree zangband zangband zaz zbar zebedee zeromq zh-bg5pdf zile
	zint zip ziproxy zkt zmtx-zmrx zoo zoom zsh zsnes zsync zziplib zzuf

    I'm not going to bother including the data for strcat.

    So 50% of software still calls strcpy.  There is no way they have
    all been audited to avoid overflow.

Following this, a few more observations are in order:

(1) Remarkably, four pieces of software still use gets(3):

	chipmunk Wnn alpine metamail

(2) sprintf is still pretty popular.  1810 (51% of 3535) packages use it.

	arc bzip2 fastjar gcpio gshar+gunshar gtar gtar ha libarchive libzip
	lxsplit lzo lzo2 macutil nulib par2cmdline ucl unace unarj unrar unzip
	xdms zip zoo zziplib celestia dgpsip gcal libnova luna sattrack
	stellarium sunclock wmglobe xearth xephem akode amarok aqualung ardour
	ario ascd aubio audacious-plugins audacity aumix calf cdparanoia
	clementine cmt cmu-sphinx3 cmu-sphinxbase cuetools deadbeef easytag
	esound espeak faac faad flite fluidsynth gimmix gnomad2 grip gtkpod
	herrie hydrogen id3ed id3lib jack ksmp3play lame libao libcanberra
	libcddb libcdio libcue liblo libmad libmikmod libmodplug libmp3splt
	libmusicbrainz libmusicbrainz5 libnjb libofa lmms mac madplay mikmod
	milkytracker mp3blaster mp3gain mp3info mp3info mp3wrap mpg123 mpg321
	mscore multimux musepack nap normalize nosefart p5-Audio-FLAC-Header
	p5-Audio-Scan pms pulseaudio py-ogg rhythmbox rioutil rplay rsynth
	ruby-id3lib ruby-id3lib ruby-id3lib schismtracker scmpc shell-fm
	soundtracker sox speech-dispatcher streamripper tagtool teknap
	timidity tracker tremor-tools umurmur vamp-plugin-sdk vorbis-tools
	wavpack wmix wmmixer wmmp wmmp3 xcdplayer xhippo xmcd xmix xmmix xmms
	xmms-shn xmms-wavpack xmms2 xmms2-scrobbler bonnie bonnie++ iozone
	netperf siege xengine emboss nutdb py-biopython chipmunk geda-gaf
	gerbv gnucap gtkwave kicad necpp ngspice pcb qcad qucs spice xcircuit
	xnecview xtrkcad cless crxvt libchewing ttfm amtterm birda c3270 efax
	fldigi gmfsk gnokii gpsk31 hamlib jpilot kermit lcdproc lrzsz
	mgetty+sendfax minicom openobex pilot-link qpage scmxx seyon smstools
	tlf wy60 x3270 xastir xcept xlog zmtx-zmrx dos2unix html2text ish
	libdvdcss libiconv libpst libunistring mimepp mpack otf2bdf
	p5-Convert-Binary-C p5-Convert-UUlib p5-JSON-XS recode ripmime trans
	wv wv2 xlhtml dbh dbic++ evolution-data-server freetds gnats gq iodbc
	kyotocabinet lbdb libpqxx mysql mysqlcc openldap openldap openldap23
	p5-DBD-Pg p5-DBD-SQLite p5-DBD-SQLite2 p5-DBD-Sybase p5-DBD-mysql
	p5-DBI p5-sybperl pg_statsinfo pg_top pgadmin3 pgpool pgtcl postgresql
	postgresql-odbc py-apsw py-apsw py-mysql py-pgsql py-psycopg2
	py-pygresql py-sybase qdbm redis ruby-ldap ruby-ldap ruby-ldap
	ruby-mysql ruby-mysql ruby-mysql ruby-mysql ruby-swift-db-mysql
	ruby-swift-db-mysql ruby-swift-db-postgres ruby-swift-db-postgres
	ruby-swift-db-sqlite3 ruby-swift-db-sqlite3 ruby-tiny_tds
	ruby-tiny_tds ruby-tiny_tds ruby-tiny_tds sqlite sqsh strigi virtuoso
	xapian-core acpica ald apr-util apr-util argp-standalone asp2php
	asp2php autogen avrdude bison blame boehm-gc boost bouml bullet bzr
	ccache ccrtp cdk cflow cgdb cmake codeblocks codeworker commoncpp cook
	cppunit ctm cutils cvsgraph cvsps ddd doc++ dotconf doxygen doxygen
	droplet ectags erl-ejson fox fribidi gdb geany geotiff gettext gindent
	git glib glib2 glog glpk gmake gobject-introspection goffice goffice08
	gpatch grcs guilib gwenhywfar hs-HsSyck id-utils imake iniparser itcl
	lam libast libaudiofile libconfig libdvdread libee libf2c libgsf
	libgtop2 libhid libidn liblouis libmpc libmtp libofx liboil libplist
	libproplist libslang libtool libusb-compat libwnck libwnck3 libyajl
	libyaml llvm log4c lpc21isp luaprofiler luaprofiler m4 mico mm
	monotone mpfr naken430asm nasm nspr ocaml-mlgmp ode omake opencm
	openmpi openocd orc p5-Data-Structure-Util p5-Data-UUID p5-Devel-Cover
	p5-Devel-NYTProf p5-Glib2 p5-IO-Tty p5-SDL p5-Term-ReadKey
	p5-YAML-Syck p5-YAML-XS pccts pcre physfs plib popt proj protobuf
	protobuf-c pth ptlib py-gobject py-gobject3 py-gobject3 py-guppy
	py-mxDateTime py-sip pygame qt-creator ragel rapidsvn rats readline
	remake ruby-home_run ruby-narray ruby-narray ruby-rb-gsl ruby-yajl
	ruby-yajl sdl-image sdl-ttf sdl2-ttf sfio shapelib silc-toolkit
	simulavr smpeg spidermonkey splint srecord stp subversion swig t1lib
	tclcl tclthread tla ucpp udis86 vtags xmake yasm abiword axe beav
	beaver bvi cooledit cooledit ee elvis elvis emacs emacs emacs emacs21
	emacs21 fte hexedit hnb ht ht jed jed joe jove nano nedit nvi-m17n
	nvi-m17n qscintilla scintilla scite ted traditional-vi tweak uemacs
	vim vim vim vim vim vim xwpe zile drgeo gamgi gtypist BasiliskII bochs
	bochs coldfire desmume dgen-sdl dgen-sdl dosbox dynamips fceux frodo
	fs-uae fuse mednafen nestopia pcsxr qemu sdlmame sdlmess snes9x
	spectemu spim uae vbam x48 xcopilot xhomer xnp2 yabause zsnes
	zh-bg5pdf abuse allegro amph angband angband angband armagetronad
	barrage beret blobby blockrage bomberclone bzflag capitan-sevilla
	cgoban chocolate-doom choria chroma chromium-bsu clonekeen corewars
	crimson crossfire-client csmash dangerdeep dd2 defendguin dopewars
	dopewars dungeon-crawl easyrpg eduke32 egoboo einstein eliot enigma
	extremetuxracer f1spirit falconseye foobillard freeciv freedroid
	freedroidrpg frogatto frotz frozen-bubble gamine gargoyle gcompris
	gemdropx gnuchess gnugo gnushogi golly heroes hex-a-hop irrlamb komi
	lbreakout2 lgeneral lincity lincity-ng lostpixels love maelstrom
	meandmyshadow micropolis minetest mirrormagic moon-buggy moonlander
	moonlander moria nethack nethack nethack neverball numptyphysics omega
	oolite openarena opensonic openttd pacman-arena pioneers pokerth
	prboom prboom-plus puzzles qgo qstat quake2 redeclipse rftg ri-li
	roadfighter rocksndiamonds scorched3d scummvm scummvm-tools sdlroids
	sdlzombies slash slash slash-em slash-em snipe2d spacehulk spacezero
	speeddreams spider stepmania stone-soup stone-soup sudognu
	sudoku-solver supertux supertuxkart teeworlds toppler tornado tuxkart
	tuxpaint tuxpaint-config uqm valyriatear vectoroids vitetris
	vms-empire vodovod wanderer warmux warzone2100 wesnoth wesnoth
	widelands wizznic xasteroids xbat xbattle xbill xbl xblast xboard
	xboing xbomber xbreaky xbubble xcubes xdeblock xdino xgalaga-sdl
	xinvaders xjewel xjig xkobo xkobo xlife xmahjongg xmine xminehunter
	xminesweep xmoto xmris xonix xpat2 xpilot xscavenger xscrabble xskat
	xwelltris xwelltris xzip zangband zangband zaz zoom garmindev gdal
	gimgtools gpsbabel gpstk postgis py-proj qgis qlandkarte qlandkartegt
	viking DevIL GraphicsMagick ImageMagick aalib agg animorph aqsis
	argyll autopano-sift-c babl barcode blender cairo cal3d cqcam
	darktable dcmtk dcraw dia digikam djview4 djvulibre dpic
	enblend-enfuse enjoympeg evince exiftran feh flash freeimage fxtv gd
	gdk-pixbuf2 gegl geomview gif2png gifsicle gmt gocr goocanvas
	goocanvas2 gphoto2 gpicview gracula graphite2 hugin imlib2 inkscape
	ipe iview jbig2dec kimdaba lasem lcms lcms2 lensfun leptonica libart
	libcaca libexif libexif-gtk libgphoto2 libiptcdata libkdcraw libmpeg2
	libpano13 libraw libvidcap libwmf lsys luvcview mandelbulber mapnik
	mpeg_encode mpeg_play mscgen netpbm ocaml-camlimages opencv
	openexr-viewers openimageio openjp2 openjpeg openscenegraph
	p5-Image-EXIF p5-Imager pigment potrace povray pstoedit py-Imaging
	py-Pillow py-matplotlib rawstudio rawtherapee ruby-rmagick
	ruby-rmagick ruby-rmagick s10sh sane-backends simgear sketch tesseract
	tgif tiff tkimg ufraw xanim xaos xbmbrowser xfig xmedcon xmms-kj xoris
	xpaint xsane xsane xzgv zbar zint anthy ibus scim scim-anthy
	scim-chewing scim-fcitx uim Wnn canna groff gwaei jvim jvim jvim jvim
	kakasi kanatest kanjipad kanjips kterm kterm less mecab onew onew onew
	jlint hanterm-xf STk arena chicken classpath clisp datalog expect
	freehdl g77 gawk gfortran ghc gprolog guile hugs intel2gas io iverilog
	jamvm jikes jimtcl librep luajit mawk mono node nqp obc ocaml oo2c
	open-cobol otcl parrot pfe racket rubinius sbcl scheme48 seed7
	spidermonkey swi-prolog ucblogo unicon verilator alpine altermime
	archiveopteryx asmail avenger avenger bmf bogofilter bogofilter
	bogofilter bogofilter bulk_mailer claws-mail claws-mail
	courier-authlib courier-imap cucipop cue cyrus-imapd cyrus-imapd drac
	dspam dspam dspam dspam elm evolution evolution-rss exim exim exim
	exim exim faces fetchmail gmime hashcash isync libspf2 maildrop mairix
	mboxgrep metamail mimedefang mixmaster nmh nmh perdition pgpsendmail
	popclient poppassd py-milter sylpheed sympa teapop tkrat tnef vrfy
	wmbiff wmmail wmpop3 xfaces xlbiff R abs calc cfitsio cgal ecm fftw
	foma freemat gnumeric gnuplot gnuplot grace graphviz grpn hexcalc kst
	libqalculate matio mcsim netcdf ntl octave p5-Math-Pari pari plplot
	py-Numeric py-numpy py-scipy qhull qtoctave sc udunits wmcalc xspread
	yorick amanda astrolog bible-kjv brltty cdrdao cdrdao clex deco delay
	dialog digitemp findutils hfsplus jive lifelines logjam magicpoint mc
	memchan most mshell openbabel pdmenu plan randtype remind rlwrap
	rocrail rpm screen screen splitvt srcpd supercat tapclean teseq
	uniutils viz vttest wmtimer wordnet xd xgas xless xnc xtar xtimer
	ytree zzuf atomicparsley avinfo ccextractor dvdauthor ffmpeg2theora
	kguitar libaacs libbluray libmms libmp4v2 libquicktime libvpx lives
	lsdvd mediatomb ming minidlna mjpegtools mjpegtools mkvtoolnix
	mkvtoolnix mpgtx oggz ogmrip ogmtools schroedinger subrip
	subtitleripper swftools transcode x264 xine-lib xine-ui xvidcore
	yle-dl GeoIP adns aget amsn ap-utils argus argus-clients arping
	arpwatch avahi avahi avahi axel balance bird bird bitlbee bitlbee
	bitlbee bitlbee bnc bro cadaver centerim cftp clamz climm clive crawl
	curl dclib dhcping dictd dnscrypt-proxy dnsmasq dnstracer dxpc
	dysnomia echoping epic4 ettercap ettercap ez-ipupdate filezilla
	firewalk flickcurl flow-tools flvstreamer fmirror freetalk gloox
	gmudix gopher gssdp haproxy httptunnel icb icecast ices ices2 icmpinfo
	iftop igmpproxy ike-scan inadyn ipaudit irc ircII ircd-hybrid
	ircd-ratbox irssi-silc isc-bind isc-dhcp jabberd jabberd jnettop
	ktorrent ldistfp lftp libbgpdump libbind libcares libdnet libgadu
	libircclient libnids liboauth libshout libsmi libst libtorrent libupnp
	livemedia luasocket luasocket meanwhile microblog-purple mktorrent
	mrtd mrtg mtr mtr mudix mutella nam ncftp neon netatalk ngrep nmap ns
	nslint nslint nsping ntop ntp nylon ocsync olsrd opal openconnect
	openvpn-auth-ldap osrtspproxy owamp p5-IO-Interface p5-Net-Patricia
	p5-Net-RawIP p5-Net-TCLink packit pavuk pavuk pdnsd pen pidgin pidgin
	pidgin-sipe pidgin-tlen pmacct poco poink poptop powerdns ptpd putty
	py-adns py-libpcap quagga queso quirc radiusd-cistron rbldnsd
	retroshare rrdtool rtmpdump rtorrent ruby-eventmachine
	ruby-eventmachine ruby-eventmachine serf sharity-light si silc-client
	silc-server silc-server sing sipcalc sipsak snort socat spectrum
	ssldump ssvnc synergy tacacs+ tcludp tcpflow tcpreplay tcpslice
	tcpstat tcptrace thcrut tintin++ tinyfugue tircproxy tn5250 totd trafd
	trafshow trickle udns ushare uucp vncsnapshot weechat weex wget
	wide-dhcp winexe wmifinfo wmwave xchat xl2tpd xmlrpc-c yafc yaz ytalk
	ytalk ziproxy znc zsync leafnode newsfetch nn pan plor slrn tin trn
	9wm larswm sam u9fs w9wm wily a2ps bibview cups cups-filters detex
	enscript fontforge foo2zjs foomatic-filters ghostview gtklp gutenprint
	gv htmldoc libXp libpaper lilypond lout lyx pdflib poppler poppler
	psutils t1utils transfig aqbanking gnucash ledger osmo siag sunbird
	taskwarrior tdl workrave xinvest xquote aide aircrack-ng antisniff
	bfbtester bounix ccid ccrypt cfs clamav cracklib cryptcat cvechecker
	cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 dsniff
	dsniff fcrackzip fragrouter gnupg gnupg gnupg2 gnutls hlfl
	hs-cryptohash hydra its4 john libassuan libfprint libgcrypt libgsasl
	libident libksba libmcrypt libnettle libotr libssh libssh2 logsurfer
	luacrypto lxnb mcrypt nbaudit nss oath-toolkit opencdk opensc ophcrack
	outguess p11-kit p5-Crypt-Serpent p5-Digest-Nilsimsa p5-Digest-Skein
	p5-Net_SSLeay parse passwdqc pgp pgp5 pinentry py-cryptkit py-openssl
	samdump2 samhain samhain samhain shash shash stegdetect steghide
	strobe tcltls xca xmlsec zebedee zkt bash dash ksh93 sash scsh zsh
	apcupsd augeas bacula bacula bacula bchunk bubblemon-dockapp cfengine
	clusterit clusterit conky conky conky conky conky coreutils dcfldd
	duplicity dvd+rw-tools dwdiff e2fsprogs eventlog freeipmi ggrep gource
	grub idled ipmitool ktsuss libretto-config libvirt logstalgia modlogan
	mtools multitail ncdu ntfs-3g p5-Proc-ProcessTable pciutils pv radmind
	rdiff-backup rtty sdd setquota shunt skill smartmontools socket
	syslog-ng tarsnap tcplist testdisk usbutils whowatch wmcb wmcube xbatt
	xbattbar xjobs xps zap astmanproxy fobbit iaxclient iaxmodem libosip2
	pjsua siproxd sofia-sip spandsp stuntman TclXML antiword arabica
	calibre catdoc catdoc diffstat discount docbook-to-man enchant eruby
	exempi gdiff glimpse gnuvd groff gsed gtranslator highlight hunspell
	hyperestraier icu4c idiff iksemel isearch ispell jq lgrind libical
	libwbxml libxml libxslt link-grammar lq-sp mgdiff mupdf mxml namazu
	oniguruma openjade opensp ots p5-Text-Aspell p5-XML-SAX-ExpatXS par
	patchutils pdftk pinfo py-lxml py-xml raptor rarian rasqal redland
	ruby-hpricot ruby-hpricot ruby-hpricot ruby-nokogiri ruby-nokogiri
	ruby-nokogiri ruby-rdiscount ruby-rdiscount ruby-rdiscount
	ruby-redcloth ruby-redcloth ruby-redcloth rxp sablotron sgmlformat sim
	sp spiff swish-e uncrustify vislcg3 wdiff xpdf analog ap2-mod_fastcgi
	ap2-mod_jk apache-httpd cgit chromium chromium cntlm cronolog
	dansguardian dillo elinks fcgi goaccess gtkhtml3 gtkhtml4 haserl
	haserl haserl haserl hiawatha larbin libghttp lighttpd lighttpd
	lighttpd lighttpd links links+ links+ man2web mod_auth_bsd
	mod_auth_kerb mod_auth_pgsql mod_bandwidth mod_fastcgi mod_geoip
	mod_gzip mod_jk mod_mp3 mod_mp3 mongrel2 opengroupware
	p5-CGI-SpeedyCGI p5-HTML-Embperl p5-HTTP-Parser-XS pound retawq sarg
	sarg slowhttptest snownews sogo sope sthttpd swiggle tidyp tinyproxy
	tntnet varnish visitors w3m w3m w3m w3m webalizer webkit webkit wml
	www6to4 wwwcount wwwoffle yaws Xaw3d XawMu Xdialog afterstep amiwm
	asapm asfiles astime bbdate bbpager blackbox bricons byzi chbg ctwm
	dbus dclock driftnet emiclock enlightenment eterm eterm fleditor fltk
	fluxbox fluxter flwm freerdp fsv fvwm2 fvwm95 gbdfed gentoo goggles
	gtk+ gtk+2 gtk+3 gtk2mm gtk3mm gtkdatabox i3 i3status icewm ion
	irrlicht isomaster itk jwm krusader lupe mlterm mouseclock mowitz
	mplayer mrxvt mterm mxconns neXtaw nitrogen ogle ogre openmotif
	oroborus p5-Tk p5-Tk-TableMatrix p5-Wx piewm pypanel qt3 qvwm
	ratpoison rdesktop remmina rep-gtk rox-filer roxterm rxvt rxvt-unicode
	sakura sawfish sisctrl sliderule slim swisswatch tellico tkdnd tkhtml
	tktable tktray tktreectrl treewm tvtwm uwm viewfax virt-viewer vlc
	waimea windowmaker wmbutton wmclock wmclockmon wmii wminfo wmitime
	wmmenu wmmenu wmthemeinstall wmtime wmtz wmweather wmx wterm wxWidgets
	x11vnc x2vnc xantfarm xarchive xautolock xawtv xbae xcb xco xcoloredit
	xdaliclock xdesktopwaves xdmchoose xdtm xdu xfed xfm xforms xglobe
	xglobe xgrab xkeycaps xloadimage xmascot xmold xplot xpostit
	xpostitPlus xprompt xruskb xscreensaver xscribble xtacy xtraceroute
	xtu xvkbd xwrits xzoom yeahconsole
	
    Quite worrying.  The odds of overflow or truncation are very high.

(2) The above sprintf numbers are quite worrying.  On the bright side,
    snprintf utilization is probably better than a few years ago.
    1810 (38% of 3535) of packages use it.

	gcpio gshar+gunshar gtar gtar libarchive libmspack libtar libzip lzop
	par2cmdline sltar unshield xz celestia dgpsip gcal wmspaceweather
	aqualung ardour audacious audacious-plugins cdparanoia celt celt051
	celt07 cmu-sphinxbase daapd deadbeef easytag esound espeak fluidsynth
	gimmix gmpc gnomad2 gqmpeg grip gtkpod herrie hgd hydrogen jack libao
	libcanberra libcdaudio libcddb libcdio liblo libmikmod libmp3splt
	libmpd libmpdclient libnjb libsndfile libworkman lmms midish mikmod
	milkytracker mp3blaster mp3splt mp3splt-gtk mpc mpd mpd mpdscribble
	mpg123 mpg321 mt-daapd multimux mumble ncmpc nosefart openal opennap
	opus-tools p5-Audio-Scan pianobar pms pulseaudio py-vorbis rioutil
	rplay rtunes schismtracker shell-fm soundtracker sox speech-dispatcher
	speex streamripper swh-plugins tagtool teknap timidity twolame umurmur
	vagalume vorbis-tools vorbisgain wmmp wmmp3 wmtune wmtune xhippo
	xmms-mad xmms-sid xmms2 xmms2-scrobbler xmp blogbench bonnie++ httperf
	netperf siege sysbench sysbench sysbench nutdb geda-gaf gerbv gtkwave
	kicad ngspice pcb xcircuit amtterm birda c3270 conserver efax fldigi
	gnokii hamlib hylafax hylafax jpilot lcdproc minicom obexftp owx
	picocom pilot-link scmxx smstools tlf wy60 xastir libdvdcss libpst
	libunistring p5-Convert-UUlib p5-JSON-XS p5-Unicode-LineBreak pflogx
	ripmime wv2 apache-couchdb dbic++ evolution-data-server freetds gnats
	gq iodbc kyotocabinet leveldb libdbi libdbi-drivers luadbi luadbi
	mysql openldap openldap openldap23 p5-DBD-Pg pg_statsinfo pg_top
	pgadmin3 pgbouncer pgpool postgresql postgresql-odbc postgresql-plv8
	py-ldap redis repmgr ruby-amalgalite ruby-bdb ruby-do_postgres
	ruby-do_postgres ruby-mysql ruby-mysql strigi tdb virtuoso xapian-core
	ORBit2 atlas autogen avrdude bzr ccrtp cflow cgdb check chmlib
	cmockery codeblocks commoncpp cppcheck cscope cunit cvslock cvsps
	darcs dotconf doxygen doxygen droplet erl-ejson erl-jiffy flex gdb
	geany gettext gflags git glib2 glog gmp gpatch gtest gwenhywfar
	harfbuzz imake json-c lam libast libaudiofile libclog libconfig
	libdaemon libdvdread libee libgtop2 libhid libio libivykis libixp
	libmagic libmemcached libmtp liboil libplist libsoup libspectrum
	libusb-compat libusb1 libxsvf libyajl llvm log4c lua-cjson lua-cjson
	m4 mcs mowgli mspdebug mysql++ nasm ninja ocaml-pcre omake opencm
	openmpi openocd orc p5-Devel-NYTProf physfs protobuf protobuf-c
	py-gobject py-gobject3 py-gobject3 py-radix py-setproctitle
	py-setproctitle pygame pysvn readline remake ruby-home_run ruby-kgio
	ruby-ncurses sdl sdl-sound sfio simulavr sparsehash splint srecord
	startup-notification subversion tclcl tla varconf vte vte3 abiword
	dhex emacs emacs emacs fte gummi hnb ht ht joe ldapvi nvi nvi nvi-m17n
	nvi-m17n scite se zile drgeo verbiste BasiliskII bochs bochs coldfire
	desmume dgen-sdl dgen-sdl dosbox dynamips fceux frodo fs-uae fuse
	fuse-utils gxemul mednafen nestopia openmsx qemu sdlmame sdlmess
	snes9x stella vbam xnp2 abuse afternoonstalker armagetronad barrage
	batrachians blobby blobwars burgerspace bzflag capitan-sevilla
	chocolate-doom chroma clines clonekeen corewars cosmosmash
	crossfire-client csmash dangerdeep defendguin dungeon-crawl eboard
	eduke32 egoboo einstein eliot enigma extremetuxracer f1spirit
	freedroidrpg frozen-bubble gargoyle glsfcave grhino gtetrinet
	hex-a-hop icebreaker irrlamb kobodeluxe kobodeluxe late lbreakout2
	lincity-ng manaplus meandmyshadow micropolis minetest moonlander
	moonlander netris numptyphysics oilwar openarena opensonic openttd
	openxcom pingus pioneers pokerth prboom prboom-plus pushover qstat
	quake2 roadfighter scorched3d scummvm scummvm-tools snipe2d spacezero
	spatial speeddreams stepmania stone-soup stone-soup sudognu
	sudoku-solver supertux supertuxkart teeworlds toppler tutris tuxpaint
	tuxpaint-config uqm vodovod warmux warzone2100 wesnoth wesnoth
	widelands wmtictactoe wordwarvi xboard xboing xcowsay xgalaga-sdl
	xkobo xkobo xmoto xsoldier gdal geos gpsbabel osm2go postgis qgis
	viking amide aqsis argyll asymptote babl blender cairo colord
	darktable dcraw dmtx-utils dpic dumpmpeg exiftran exiv2 feh ffmpeg
	fswebcam gegl geomview gfract giflib gphoto2 gpicview grap gtkam hugin
	imlib inkscape jasper jbig2dec jhead jpeg lcms lcms2 lensfun leptonica
	libcaca libdmtx libexif libgexiv2 libgphoto2 libiptcdata libkexiv2
	libpano13 libqrencode libraw libvidcap luvcview mandelbulber mhgui
	mscgen netpbm node-canvas opencv openimageio p5-GD p5-Image-EXIF
	p5-Imager povray py-matplotlib qiv quesoglc rawstudio ruby-rmagick
	s10sh sane-backends scrot simgear sxiv tesseract tgif tiff tkimg ufraw
	vcdimager videod wmgrabimage wmphoto xfig xsane xsane zbar anthy ibus
	scim scim-hangul scim-pinyin uim uim-chewing canna kinput2 kinput2
	kinput2 jlint hanterm-xf classpath eltclsh gawk gfortran ghc hugs io
	iverilog jamvm jimtcl librep libv8 mono newlisp node obc open-cobol
	parrot pcc petite-chez racket rubinius sbcl swi-prolog tinyscheme
	unicon abook akpop3d alpine altermime avenger avenger bmf bogofilter
	bogofilter bogofilter bogofilter clamsmtp claws-mail claws-mail
	courier-authlib courier-imap cue cyrus-imapd cyrus-imapd dkim-milter
	dspam dspam dspam dspam evolution evolution-ews exim exim exim exim
	exim fetchmail hashcash hypermail hypermail imapfilter imapproxy
	ldapvacation libetpan libspf2 lumail maildrop mew milter-checkrcpt
	milter-greylist milter-regex milter-spamd mimedefang mini_sendmail
	mixmaster mlmmj msmtp nmh nmh nmzmail osbf-lua osbf-lua perdition
	s-nail smsmail smtp-vilter smtp-vilter smtpclient solid-pop3d
	solid-pop3d sympa teapop tkrat wmbiff wmmultipop3 wmpop3 R calc calcoo
	fftw3 fftw3 foma freemat galculator gnumeric gnuplot gnuplot kst
	libqalculate mathomatic mcl py-numpy sc udunits wcalc wmcalc amanda
	brltty cdrdao cdrdao findutils geekcode gnuwatch gpsd lifelines
	magicpoint memcached most openbabel randtype redshift rlwrap srcpd
	supercat uniutils wmmand wordnet xcdroast zzuf dvdauthor dvdbackup
	dvdstyler ffmpeg2theora imagination k3b libdv libdvdnav libmms
	libmp4v2 libquicktime libvpx lives lsdvd mediatomb ming minidlna
	mjpegtools mjpegtools mkvtoolnix mkvtoolnix oggz ogmrip
	p5-Storable-AMF subrip subtitleripper swfmill swftools transcode
	vitunes x264 xine-lib xine-ui yle-dl GeoIP adsuck aget aguri aiccu
	amsn amule angst ap-utils argus argus-clients arp-scan arpcatch arpd
	arping avahi avahi avahi axel balance bro btpd bwm-ng cadaver centerim
	cgo climm cnupm crawl cvsync daq darkstat dclib dictd dnsmasq dnstop
	dsocks ekg epic4 etherape ettercap ettercap ez-ipupdate ezstream
	farstream filezilla flow-tools flowd flvstreamer fmirror fping
	freetalk ftpsesame gopher gophernicus gotthard haproxy honeyd icb
	icbirc icecast ices ices2 ifmcstat ifstat iftop igmpproxy ii ike-scan
	inadyn iodine ipcad iperf ipfm iplog ipv6calc ircII ircd-hybrid
	ircd-ratbox irssi irssi irssi-icb irssi-silc isc-bind isc-dhcp jabberd
	jabberd jftpgw jnettop kismet kissd ktorrent ladvd ldistfp lftp
	libbgpdump libdnet libgadu libircclient libktorrent liboauth
	libpcapnav librsync libshout libtorrent libupnp livemedia lldpd
	mcabber microblog-purple mosh mrtd mrtg mtr mtr mutella nbtscan ncftp
	nemesis nepenthes nepim netatalk netbsd-iscsi-target nfdump ngircd
	nmap ns nsping ntp nylon ocsync oidentd olsrd onioncat opal
	openconnect openmdns openvmps ortp owamp p5-Net-DBus packit pavuk
	pavuk pchar pdnsd pen pfstat pidgin pidgin pidgin-icb pidgin-tlen
	pktstat plushs pmacct pop3gwd poptop pork powerdns pptp proxy-suite
	psi pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd pure-ftpd
	pure-ftpd pure-ftpd putty py-pcapy quagga radiusd-lucent rbldnsd
	retroshare rrdtool rsync rsync rtmpdump rtorrent ruby-eventmachine
	samba samba samba scamper si silc-client silc-server silc-server
	sipcalc sipsak slurm snort socat softflowd spectrum spectrum-tools
	sslh synergy tcludp tcpflow tcpreen tcpreplay tcpstat tcptrace thcrut
	tn5250 tor torsocks totd transmission trickle unbound unworkable
	ushare valknut vnstat vsftpd weechat wget wide-dhcpv6 winexe wmifinfo
	wmnet xchat xl2tpd xmlrpc-c xmlrpc-epi xorp xprobe yersinia ysmv7
	ziproxy znc zsync leafnode pan slrn tin yencode sam w9wm apvlv cups
	cups-filters fontforge foomatic-filters gtklp gutenprint gv htmldoc
	lilypond lss mpage poppler poppler splix aqbanking calcurse gnucash
	sunbird taskwarrior workrave aide aircrack-ng amap antisniff arirang
	assl bfbtester bsd-airtools ccid cfs chntpw clamav cracklib ctunnel
	cvechecker cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2 cyrus-sasl2
	dante dsniff dsniff erl-bcrypt fragroute fragrouter gnupg gnupg gnupg2
	gnutls gpgme hlfl hydra ikeman ipguard jailkit kc klaxon libassuan
	libgcrypt libgsasl libotr libpwquality libssh libssh2 libtasn1 mcrypt
	netpgp node-bcrypt nss oath-toolkit openpam opensc ophcrack otpcalc
	outguess p11-kit p5-Net_SSLeay pcsc-lite pinentry pwsafe pwsafe
	py-bcrypt py-crack py-pykpass scanlogd scanssh sentinel siphon
	smbsniff ssh-ldap-helper sshguard sshguard stegdetect stunnel
	tempwatch towitoko vomit vpnc wpa_supplicant xca zebedee zkt bash nsh
	osh anacron apachetop apcupsd augeas autossh bacula bacula bacula
	bubblemon-dockapp cfengine clusterit clusterit colorls conky conky
	conky conky conky consolekit coreutils cyphertite dcfldd ddrescue
	detox diskrescue downtimed dwdiff e2fsprogs eventlog faubackup
	freeipmi fsstress gamin gource gpioflicker hot-babe hotplug-diskmount
	iogen ipmitool librelp libstatgrab libvirt logfmon login_ldap
	login_oath logstalgia lsof modlogan monit mtools multitail multitime
	ncdu ntfs-3g openpoppassd p5-Sys-Virt pciutils pftop pv radmind rancid
	rsyslog shmux sleuthkit smartmontools symon syslog-ng tabled testdisk
	toad toprump torture tpb tray-app upsd uptimed usbutils vifm whowatch
	wmwlmon xjobs xstatbar xuvmstat ykpers astmanproxy iaxclient iaxmodem
	libosip2 pjsua siproxd sofia-sip spandsp TclXML calibre clucene
	diction eruby exempi gdiff gnuvd groff highlight libical liblrdf
	libnxml libxml libxmlsd libxslt link-grammar mupdf mxml namazu
	p5-Template p5-Text-Tmpl pinfo raptor rarian rasqal redland
	ruby-redcarpet ruby-redcarpet ruby-redcarpet sablotron sphinx sphinx
	tinyxml tre uncrustify urlview urlview wdiff xxdiff zoem ap2-mod_jk
	aria2 bozohttpd cgit chromium chromium clearsilver cntlm dansguardian
	dillo elinks ffproxy goaccess haserl haserl haserl haserl havp
	hiawatha http_load http_ping junkbuster larbin lighttpd lighttpd
	lighttpd lighttpd links+ links+ mod_auth_bsd mod_auth_kerb
	mod_auth_pgsql mod_jk mod_ldapvhost mod_mp3 mod_mp3 mod_ruby mongrel2
	mozplugger newsbeuter nostromo opengroupware polipo pound privoxy
	ruby-passenger ruby-passenger ruby-unicorn sarg sarg snownews sope
	spawn-fcgi squidclamav sthttpd surf tinyproxy varnish visitors
	webalizer webkit webkit wml xapian-omega xombrero aewm afterstep
	awesome bbpager dbus dclock dmenu driftnet dwm e16keyedit echinus
	enlightenment eterm eterm evilwm fbpanel fltk fluxbox freerdp fsv gaia
	golem gtk+2 gtk+3 gtk-vnc i3 i3status icewm ion irrlicht isomaster jwm
	libfm mlterm mowitz mplayer mrxvt mterm netwmpager nitrogen ogle
	ogle_gui ogre openmotif oroborus pbrowser pcmanfm pinot pwm rdesktop
	remmina rendercheck rxvt-unicode sawfish skippy slim spectrwm
	spice-gtk st stalonetray tabbed tint tkhtml treewm vlc windowlab
	windowmaker wm2 wmcalclock wmclockmon wmfishtime wmthemeinstall wmtz
	wmx x11vnc xbindkeys xcb xfe xforms xloadimage xplanet xrestop
	xscreensaver xsel xsnow xwrits
	
Finally, I would like to take this opportunity to remind everyone of
this piece from the strlcpy(3) manual page found at

    http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy

[...]
RETURN VALUES
     Besides quibbles over the return type (size_t versus int) and signal
     handler safety (snprintf(3) is not entirely safe on some systems), the
     following two are equivalent:

           n = strlcpy(dst, src, len);
           n = snprintf(dst, len, "%s", src);

     Like snprintf(3), the strlcpy() and strlcat() functions return the total
     length of the string they tried to create.  For strlcpy() that means the
     length of src.  For strlcat() that means the initial length of dst plus
     the length of src.
[...]

snprintf, strlcpy, and strlcat are used in exactly the same way.

Using .o file symbols like above does not prove to us whether people
are using the APIs in the most careful way -- that would require a
source code inspection.  But to provide an example, bind9 contains 114
uses of snprintf which don't check the return value to spot
truncation, with code like the following

    char buf[DNS_NAME_FORMATSIZE + sizeof(": TSIG ''")];
    [...]
            char namebuf[DNS_NAME_FORMATSIZE];
            dns_name_format(&zone->tsigkey->name, namebuf,
                            sizeof(namebuf));
            snprintf(buf, sizeof(buf), ": TSIG '%s'",
                     namebuf);

Fine, maybe it is safe, in the sense of "it has been audited, and next
time someone is here, they will audit it again".  I also don't have
time to verify this or the 113 other cases, nor is it my job.

I bring this up to ask why strlcpy/strlcat are being held to some
arbitrary standard that they should handle truncation better ... when
in fact they handle it JUST LIKE the commonplace snprintf API.  Right
here in mainstream code, we see that snprintf's return value is not
being handled, against the best practice taught everywhere.  Should
snprintf call abort?  That's ridiculous.  Should it crash?  What should
it do?  The fact that no other function of that sort has ever made it
into the mainstream perhaps shows the arguments are weak.  If something
is better, take some real software and fix it.

To upstream authors of software who are using the functions: please
continue incorporating more of them into your software, because it is
good for the users of your software.  Please check the return values
to spot truncation as described in the manual page, and properly
handle that condition in the best way you can based on the location of
the call.  Thanks!
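As an added illustration of the point above (this is example code written for this page, not code from the message, from OpenBSD's libc or from bind9): the snprintf pattern quoted from bind9 beside the same label built with strlcpy/strlcat, each with the truncation check the manual page describes. `bsd_strlcpy` and `bsd_strlcat` are portable re-implementations with the strlcpy(3)/strlcat(3) return semantics, given hypothetical names so they build on a libc that already ships the real functions; `format_tsig_label`, `build_tsig_label`, `copies_are_equivalent` and the sample key names are constructed for the example. `DNS_NAME_FORMATSIZE` from the bind9 snippet is replaced by a small fixed buffer so the truncation case is visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable re-implementation with strlcpy(3) semantics (hypothetical name).
 * Copies at most dsize-1 bytes, always NUL-terminates when dsize > 0, and
 * returns strlen(src): the length of the string it tried to create. */
static size_t bsd_strlcpy(char *dst, const char *src, size_t dsize)
{
    size_t srclen = strlen(src);
    if (dsize != 0) {
        size_t n = srclen < dsize - 1 ? srclen : dsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Portable re-implementation with strlcat(3) semantics (hypothetical name).
 * Returns the initial length of dst plus strlen(src); if dst is not
 * NUL-terminated within dsize, returns dsize + strlen(src). */
static size_t bsd_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0;
    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dsize)
        return dsize + strlen(src);
    return dlen + bsd_strlcpy(dst + dlen, src, dsize - dlen);
}

/* The bind9 pattern quoted in the message, with the missing check added:
 * snprintf returns the length it would have needed, so a result >= dsize
 * means the label was cut short.  dst still holds a NUL-terminated prefix. */
static bool format_tsig_label(char *dst, size_t dsize, const char *keyname)
{
    int n = snprintf(dst, dsize, ": TSIG '%s'", keyname);
    return n >= 0 && (size_t)n < dsize;
}

/* The same label built with strlcpy/strlcat.  Every call reports the total
 * length it tried to create, so the truncation test is identical: >= dsize. */
static bool build_tsig_label(char *dst, size_t dsize, const char *keyname)
{
    if (bsd_strlcpy(dst, ": TSIG '", dsize) >= dsize)
        return false;
    if (bsd_strlcat(dst, keyname, dsize) >= dsize)
        return false;
    if (bsd_strlcat(dst, "'", dsize) >= dsize)
        return false;
    return true;
}

/* The two calls the manual page declares equivalent, run side by side:
 * true when both return the same n and leave the same bytes in dst. */
static bool copies_are_equivalent(const char *src, size_t len)
{
    char a[64] = "", b[64] = "";
    if (len > sizeof(a))
        return false;
    size_t n1 = bsd_strlcpy(a, src, len);
    int n2 = snprintf(b, len, "%s", src);
    return n2 >= 0 && (size_t)n2 == n1 && strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample key names: one that fits a 16-byte buffer, one that
     * does not. */
    const char *names[] = { "key", "a-very-long-key-name" };
    char buf[16];

    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        bool ok = format_tsig_label(buf, sizeof(buf), names[i]);
        printf("snprintf : %-9s -> \"%s\"\n", ok ? "fits" : "TRUNCATED", buf);
        ok = build_tsig_label(buf, sizeof(buf), names[i]);
        printf("strlcat  : %-9s -> \"%s\"\n", ok ? "fits" : "TRUNCATED", buf);
    }
    printf("strlcpy/snprintf equivalent at len 5: %s\n",
           copies_are_equivalent("hello, world", 5) ? "yes" : "no");
    return 0;
}
```

What the caller does with a `false` result is the part the message leaves to the location of the call: a log line can be emitted truncated, a file name or protocol field generally cannot, and the check is what lets that decision be made at all.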
