xref: /freebsd/lib/libc/string/strlcpy.3 (revision 8ddb146abcdf061be9f2c0db7e391697dafad85c)
1.\"	$OpenBSD: strlcpy.3,v 1.26 2013/09/30 12:02:35 millert Exp $
2.\"
3.\" Copyright (c) 1998, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
4.\"
5.\" Permission to use, copy, modify, and distribute this software for any
6.\" purpose with or without fee is hereby granted, provided that the above
7.\" copyright notice and this permission notice appear in all copies.
8.\"
9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\"
17.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
18.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
19.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
20.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
21.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
22.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
23.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
24.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
26.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27.\"
28.\" $FreeBSD$
29.\"
30.Dd May 1, 2020
31.Dt STRLCPY 3
32.Os
33.Sh NAME
34.Nm strlcpy ,
35.Nm strlcat
36.Nd size-bounded string copying and concatenation
37.Sh LIBRARY
38.Lb libc
39.Sh SYNOPSIS
40.In string.h
41.Ft size_t
42.Fn strlcpy "char * restrict dst" "const char * restrict src" "size_t dstsize"
43.Ft size_t
44.Fn strlcat "char * restrict dst" "const char * restrict src" "size_t dstsize"
45.Sh DESCRIPTION
46The
47.Fn strlcpy
48and
49.Fn strlcat
50functions copy and concatenate strings with the
51same input parameters and output result as
52.Xr snprintf 3 .
53They are designed to be safer, more consistent, and less error
54prone replacements for the easily misused functions
55.Xr strncpy 3
56and
57.Xr strncat 3 .
58.Pp
59.Fn strlcpy
60and
61.Fn strlcat
62take the full size of the destination buffer and guarantee
63NUL-termination if there is room.
64Note that room for the NUL should be included in
65.Fa dstsize .
66.Pp
67.Fn strlcpy
68copies up to
69.Fa dstsize
70\- 1 characters from the string
71.Fa src
72to
73.Fa dst ,
74NUL-terminating the result if
75.Fa dstsize
76is not 0.
77.Pp
78.Fn strlcat
79appends string
80.Fa src
81to the end of
82.Fa dst .
83It will append at most
84.Fa dstsize
85\- strlen(dst) \- 1 characters.
86It will then NUL-terminate, unless
87.Fa dstsize
88is 0 or the original
89.Fa dst
90string was longer than
91.Fa dstsize
92(in practice this should not happen
93as it means that either
94.Fa dstsize
95is incorrect or that
96.Fa dst
97is not a proper string).
98.Pp
99If the
100.Fa src
101and
102.Fa dst
103strings overlap, the behavior is undefined.
104.Sh RETURN VALUES
105Besides quibbles over the return type
106.Pf ( Va size_t
107versus
108.Va int )
109and signal handler safety
110.Pf ( Xr snprintf 3
111is not entirely safe on some systems), the
112following two are equivalent:
113.Bd -literal -offset indent
114n = strlcpy(dst, src, len);
115n = snprintf(dst, len, "%s", src);
116.Ed
117.Pp
118Like
119.Xr snprintf 3 ,
120the
121.Fn strlcpy
122and
123.Fn strlcat
124functions return the total length of the string they tried to create.
125For
126.Fn strlcpy
127that means the length of
128.Fa src .
129For
130.Fn strlcat
131that means the initial length of
132.Fa dst
133plus
134the length of
135.Fa src .
136.Pp
137If the return value is
138.Cm >=
139.Va dstsize ,
140the output string has been truncated.
141It is the caller's responsibility to handle this.
142.Sh EXAMPLES
143The following code fragment illustrates the simple case:
144.Bd -literal -offset indent
145char *s, *p, buf[BUFSIZ];
146
147\&...
148
149(void)strlcpy(buf, s, sizeof(buf));
150(void)strlcat(buf, p, sizeof(buf));
151.Ed
152.Pp
153To detect truncation, perhaps while building a pathname, something
154like the following might be used:
155.Bd -literal -offset indent
156char *dir, *file, pname[MAXPATHLEN];
157
158\&...
159
160if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
161	goto toolong;
162if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname))
163	goto toolong;
164.Ed
165.Pp
166Since it is known how many characters were copied the first time, things
167can be sped up a bit by using a copy instead of an append:
168.Bd -literal -offset indent
169char *dir, *file, pname[MAXPATHLEN];
170size_t n;
171
172\&...
173
174n = strlcpy(pname, dir, sizeof(pname));
175if (n >= sizeof(pname))
176	goto toolong;
177if (strlcpy(pname + n, file, sizeof(pname) - n) >= sizeof(pname) - n)
178	goto toolong;
179.Ed
180.Pp
181However, one may question the validity of such optimizations, as they
182defeat the whole purpose of
183.Fn strlcpy
184and
185.Fn strlcat .
186As a matter of fact, the first version of this manual page got it wrong.
187.Sh SEE ALSO
188.Xr snprintf 3 ,
189.Xr strncat 3 ,
190.Xr strncpy 3 ,
191.Xr wcslcpy 3
192.Rs
193.%A Todd C. Miller
194.%A Theo de Raadt
195.%T strlcpy and strlcat -- Consistent, Safe, String Copy and Concatenation
196.%I USENIX Association
197.%B Proceedings of the FREENIX Track: 1999 USENIX Annual Technical Conference
198.%D June 6-11, 1999
199.%U http://www.usenix.org/publications/library/proceedings/usenix99/
200.%U full_papers/millert/millert.pdf
201.Re
202.Sh HISTORY
203The
204.Fn strlcpy
205and
206.Fn strlcat
207functions first appeared in
208.Ox 2.4 ,
209and
210.Fx 3.3 .
211