Why are strlcpy and strlcat considered insecure?
问题 I understand that strlcpy and strlcat were designed as secure replacements for strncpy and strncat . However, some people are still of the opinion that they are insecure, and simply cause a different type of problem. Can someone give an example of how using strlcpy or strlcat (i.e. a function that always null terminates its strings) can lead to security problems? Ulrich Drepper and James Antill state this is true, but never provide examples or clarify this point. 回答1: Firstly, strlcpy has