Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Feb 2013 21:00:27 +0100
From: John Spencer <>
Subject: Re: strcasestr.c

On 02/21/2013 07:18 AM, Isaac Dunham wrote:
> On Wed, 20 Feb 2013 20:03:28 -0500
> Rich Felker<>  wrote:
>>>> Since strcasestr is nonstandard and not clearly specified,
>>> it's so non-standard that even nobody uses it.
>>> i looked up the usage of the function in, and
>>> the only *user* (from all ~20K debian packages) of the function is
>>> gnu wget.
>> Are you sure this search was correct? IIRC there were more...

i just checked again, and according to debian codesearch this is indeed 
the only call.

> A quick check here indicates that busybox, mutt, git, midnight commander, sylpheed, foomatic-rip, elinks, and a couple libraries use it.
> Busycox uses it in grep and for checking passwords (see libbb/obscure.c).

interesting findings. i can confirm that busybox does indeed use 
strcasestr unconditionally, and git seems to use it as well.
so it was probably added to make busybox happy.

i can't really believe that git is not in debian's 18K base packages, so 
i can't really explain why this is missing from codesearch results.

>> The other somewhat reasonable option would be removing the function,
>> which would expose breakage in programs that were already using the
>> broken version in musl. I'm mildly against this, but I'd be interested
>> in hearing arguments either way.
> Were the claimed frequency correct, I would want it gone. As it stands, I think that a small but slow version is justifiable. A large one isn't.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.