>However, perhaps another rule:
>    Avoid using strncat(dest, src, n) or strncpy(dest, src, n), etc, as they
>    _also_ do no checking on the max length of "dest", although 'n' can be
>    properly calculated & make them safe.
>
>Perhaps, instead, it's time to write a new series of string manipulators....
>ones that do the following:
>1) Behave similarly to the existing functions (like sprintf(), strncat(),
>   strncpy()), but take an additional argument "destlen", which is (of course)
>   the max length of the destination string.
>2) Do the string-function, but if the "dest" string will be overrun, return an
>   error code AND post to the syslog function.

Seems like this is begging for a "safe" string class for C++; I'm sure that
length-safe classes exist. Subclass off that for "safer" classes to handle
the special characters a la the latest sendmail brouhaha.

[I conveniently ignore the fact that all the common source base out there is
C (probably a lot of it not even ANSI), and the increased opportunities that
C++ gives for obfuscated code.]

-- KH
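
The two-point proposal in the quoted text, sketched in C as an added example that is not part of the original message or of any existing library. The names `sstr_copy`, `sstr_cat`, `sstr_fail` and the `SSTR_*` codes are hypothetical, and refusing the operation outright instead of truncating is an assumption.

```c
#include <stddef.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical names for this example; not a standard or existing API. */
enum { SSTR_OK = 0, SSTR_EOVERRUN = -1, SSTR_EINVAL = -2 };

/* Log sizes only: echoing the offending string would let whoever
 * supplied it write arbitrary text into the log. */
static int sstr_fail(const char *fn, size_t need, size_t destlen)
{
    syslog(LOG_WARNING, "%s: refused, needs %zu bytes, dest holds %zu",
           fn, need, destlen);
    return SSTR_EOVERRUN;
}

/* destlen is the full size of dest, terminating NUL included.
 * On overrun dest is left untouched instead of being truncated. */
int sstr_copy(char *dest, size_t destlen, const char *src)
{
    if (dest == NULL || src == NULL || destlen == 0)
        return SSTR_EINVAL;
    size_t need = strlen(src) + 1;
    if (need > destlen)
        return sstr_fail("sstr_copy", need, destlen);
    memmove(dest, src, need);
    return SSTR_OK;
}

int sstr_cat(char *dest, size_t destlen, const char *src)
{
    if (dest == NULL || src == NULL || destlen == 0)
        return SSTR_EINVAL;
    /* Bounded search: an unterminated dest is an error, not a walk off the end. */
    const char *end = memchr(dest, '\0', destlen);
    if (end == NULL)
        return SSTR_EINVAL;
    size_t used = (size_t)(end - dest), add = strlen(src);
    if (add >= destlen - used)   /* no room for src plus the NUL */
        return sstr_fail("sstr_cat", used + add + 1, destlen);
    memmove(dest + used, src, add + 1);
    return SSTR_OK;
}

int main(void)
{
    char buf[8] = "abc";
    int rc = sstr_cat(buf, sizeof buf, "defgh");   /* 9 bytes needed, 8 available */
    return (rc == SSTR_EOVERRUN && strcmp(buf, "abc") == 0) ? 0 : 1;
}
```

Unlike `strncat(dest, src, n)`, where `n` bounds the bytes taken from `src`, the size argument here describes `dest` itself, so the caller can pass `sizeof buf` without doing arithmetic on the remaining space.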