strlcpy

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 1exec1 (talk | contribs) at 12:12, 23 October 2011 (WP:NOTMANUAL). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


In computer programming, the strlcpy function is intended to replace the function strcpy (which copies a string to a destination buffer) with a secure version that cannot overflow the destination buffer. It is almost always accompanied by the strlcat function, which provides a similar alternative to strcat (which appends a source string to a destination buffer).

The standard C functions that can be used to avoid buffer overflow, strncpy and strncat, have serious design flaws that make them difficult and unnecessarily slow to use correctly. strlcpy and strlcat are designed so that correct usage is as simple as possible.

These are not C standard library functions, but are available in the libraries on several Unix operating systems, including BSD, Mac OS X, Solaris, Android and IRIX, with the notable exception of glibc on Linux.

History

strlcpy and strlcat were developed by Todd C. Miller and Theo de Raadt and first implemented in OpenBSD version 2.4. They have subsequently been adopted by a number of operating systems including FreeBSD (from version 3.3), Solaris and Mac OS X. Many application packages and libraries include their own copies of these functions, including glib, rsync, Samba, KDE, and the Linux kernel itself.

Criticism

GNU C Library maintainer Ulrich Drepper is among the critics of the strlcpy and strlcat functions;[1] consequently these functions have not been added to glibc. Drepper argues that strlcpy and strlcat make truncation errors easier for a programmer to ignore and thus can introduce more bugs than they remove.[1] His concern with possible truncation, when using any string function involving static allocation, is shared by others.[2]
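The strncpy flaw mentioned in the introduction and the truncation concern raised here, as an added example (not part of the original article and not the OpenBSD code). `my_strlcpy` is a hypothetical stand-in written for this example with strlcpy's semantics (always NUL-terminates when the size is non-zero, returns the length of the source); `strncpy_terminates` and `copy_checked` are illustrative helper names, and the input strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy semantics: copy at most size-1 bytes,
 * NUL-terminate whenever size > 0, and return strlen(src). */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size != 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Run strncpy into dst and report whether a NUL terminator landed inside
 * the buffer: 1 if dst is a valid string, 0 if the caller must add one. */
int strncpy_terminates(char *dst, size_t size, const char *src)
{
    memset(dst, 'X', size);          /* make a missing NUL observable */
    strncpy(dst, src, size);
    return memchr(dst, '\0', size) != NULL;
}

/* Checked copy: 0 on success, -1 if src did not fit and was truncated.
 * A return value >= size is the truncation signal callers can ignore. */
int copy_checked(char *dst, size_t size, const char *src)
{
    return my_strlcpy(dst, src, size) >= size ? -1 : 0;
}

int main(void)
{
    char buf[8];

    /* Constructed inputs: an 8-byte source exactly fills an 8-byte buffer. */
    printf("strncpy terminated: %d\n",
           strncpy_terminates(buf, sizeof buf, "12345678"));
    if (copy_checked(buf, sizeof buf, "constructed-long-input") != 0)
        printf("truncated to \"%s\"\n", buf);
    return 0;
}
```
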

Other criticisms are that the functions are non-standard and that there are implementation differences between the BSD and Solaris implementations (the return value of strlcat, when there is no NUL in the destination buffer, differs).[3]

References