strcpy.3: NOTES: Add a discussion of strlcpy()

Inspired by https://lwn.net/Articles/506530/ Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
author: Michael Kerrisk <mtk.manpages@gmail.com> 2012-07-19 11:29:15 +0200
committer: Michael Kerrisk <mtk.manpages@gmail.com> 2012-07-20 12:52:45 +0200
commit: bb96fc35a3b664ef3959eaefb095608846f89df7 (patch)
tree: 56422bc1d40b6de03d0eac055bf05098f6c2db40 /man3/strcpy.3
parent: 276d73b6ed8357c28473d812fa18a6622f841a78 (diff)
download: man-pages-bb96fc35a3b664ef3959eaefb095608846f89df7.tar.gz
1 files changed, 49 insertions, 1 deletions
diff --git a/man3/strcpy.3 b/man3/strcpy.3
index 260bd853b7..afc751e3b9 100644
--- a/man3/strcpy.3
+++ b/man3/strcpy.3
@@ -30,7 +30,7 @@
 .\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk
 .\"     Improve discussion of strncpy().
 .\"
-.TH STRCPY 3  2012-07-18 "GNU" "Linux Programmer's Manual"
+.TH STRCPY 3  2012-07-19 "GNU" "Linux Programmer's Manual"
 .SH NAME
 strcpy, strncpy \- copy a string
 .SH SYNOPSIS
@@ -111,6 +111,15 @@ the length of \fIsrc\fP, then
 .BR strcpy ()
 can be used.
 
+One valid (and intended) use of
+.BR strncpy ()
+is to copy a C string to a fixed-length buffer
+while ensuring both that the buffer is not overflowed
+and that unused bytes in the target buffer are zeroed out
+(perhaps to prevent information leaks if the buffer is to
+written to media or transmitted to another process via an
+interprocess communication technique).
+
 If there is no terminating null byte in the first \fIn\fP
 bytes of \fIsrc\fP,
 .BR strncpy ()
@@ -131,6 +140,45 @@ information contained in
 .I src
 is lost in the copying to
 .IR dest .)
+
+Some systems (the BSDs, Solaris, and others) provide the following function:
+
+    size_t strlcpy(char *dest, const char *src, size_t size);
+
+.\" http://static.usenix.org/event/usenix99/full_papers/millert/millert_html/index.html
+.\"     "strlcpy and strlcat - consistent, safe, string copy and concatenation"
+.\"     1999 USENIX Annual Technical Conference
+This function is similar to
+.BR strncpy (),
+but it copies at most
+.I size\-1
+bytes to 
+.IR dest ,
+always adds a terminating null byte,
+and does not pad the target with (further) null bytes.
+This function fixes some of the problems of
+.BR strcpy ()
+and
+.BR strncpy (),
+but the caller must still handle the possibility of data loss if
+.I size
+is too small.
+The return value of the function is the length of
+.IR src ,
+which allows truncation to be easily detected:
+if the return value is greater than or equal to
+.IR size ,
+truncation occurred.
+If loss of data matters, the caller
+.I must
+either check the arguments before the call,
+or test the function return value.
+.BR strlcpy ()
+is not present in glibc and is not standardized by POSIX,
+.\" https://lwn.net/Articles/506530/
+but is available on Linux via the
+.IR libbsd
+library.
 .SH BUGS
 If the destination string of a
 .BR strcpy ()
author	Michael Kerrisk <mtk.manpages@gmail.com>	2012-07-19 11:29:15 +0200
committer	Michael Kerrisk <mtk.manpages@gmail.com>	2012-07-20 12:52:45 +0200
commit	bb96fc35a3b664ef3959eaefb095608846f89df7 (patch)
tree	56422bc1d40b6de03d0eac055bf05098f6c2db40 /man3/strcpy.3
parent	276d73b6ed8357c28473d812fa18a6622f841a78 (diff)
download	man-pages-bb96fc35a3b664ef3959eaefb095608846f89df7.tar.gz