C Programming/C Reference/nonstandard/strlcpy

In computer programming, the strlcpy function is intended to replace the function strcpy (which copies a string to a destination buffer) with a secure version that cannot overflow the destination buffer. It is almost always accompanied by the strlcat function which provides a similar alternative to strcat (which appends a source string to a destination buffer).

The standard C functions that can be used to avoid buffer overflow, strncpy and strncat, have serious design flaws that make them difficult and unnecessarily slow to use correctly. strlcpy and strlcat are designed so that correct usage is as simple as possible.

These are not C standard library functions, but are available in the libraries on several Unix operating systems, including BSD, Mac OS X, Solaris, Android and IRIX, with the notable exception of glibc on Linux, although they are available from libbsd instead.

Usage
Like <tt>strncpy</tt>, <tt>strlcpy</tt> takes the destination's size as a parameter and will not write more than that many bytes, to prevent buffer overflow (assuming <tt>size</tt> is correct). But, unlike <tt>strncpy</tt>, <tt>strlcpy</tt> always writes a single <tt>NUL</tt> byte to the destination (if <tt>size</tt> is not zero). The resulting string is guaranteed to be <tt>NUL</tt>-terminated even if truncated. Also it does not waste time writing multiple <tt>NUL</tt> bytes to fill the rest of the buffer, unlike <tt>strncpy</tt>.

In addition, <tt>strlcpy</tt> counts and returns the length of the entire source string (<tt>strncpy</tt> doesn't return a length). This length can be compared to the destination buffer's size to check if it was truncated, and to work around truncation, for example:
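An added example of that check (not from the original page): <tt>copy_or_grow</tt> compares the return value with the buffer size and, on truncation, allocates a buffer of the reported length. <tt>x_strlcpy</tt> and <tt>copy_or_grow</tt> are hypothetical names; <tt>x_strlcpy</tt> is a stand-in with the semantics described above so that the example builds where the C library lacks <tt>strlcpy</tt>.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in with the strlcpy semantics described above (hypothetical name):
 * writes at most size bytes, always NUL-terminates when size != 0,
 * and returns the length of the whole source string. */
static size_t x_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Copy src into the fixed buffer buf if it fits. If the return value shows
 * truncation (length >= bufsize), fall back to a heap buffer of the exact
 * size needed. Sets *heap to 1 when the caller must free() the result.
 * Returns NULL if allocation fails. */
static char *copy_or_grow(char *buf, size_t bufsize, const char *src, int *heap)
{
    size_t need = x_strlcpy(buf, src, bufsize);
    *heap = 0;
    if (need < bufsize)
        return buf;                 /* whole string plus NUL fitted */
    char *big = malloc(need + 1);   /* truncated: need + 1 bytes required */
    if (big == NULL)
        return NULL;
    x_strlcpy(big, src, need + 1);
    *heap = 1;
    return big;
}

int main(void)
{
    char buf[8];
    int heap;
    /* Constructed inputs: fits, fits exactly (7 chars + NUL), too long. */
    const char *inputs[] = { "short", "exactly", "much too long for buf" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        char *s = copy_or_grow(buf, sizeof buf, inputs[i], &heap);
        if (s == NULL)
            return 1;
        printf("%-22s -> \"%s\" (%s)\n", inputs[i], s, heap ? "heap" : "fixed");
        if (heap)
            free(s);
    }
    return 0;
}
```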

<tt>strlcat</tt> is equivalent to writing the appended strings to a temporary infinitely-large buffer, and then doing a <tt>strlcpy</tt> from that buffer to the destination.

History
<tt>strlcpy</tt> and <tt>strlcat</tt> were developed by Todd C. Miller and Theo de Raadt and first implemented in OpenBSD version 2.4. They have subsequently been adopted by a number of operating systems including FreeBSD (from version 3.3), Solaris, Mac OS X and GNU-based systems through libbsd. Many application packages and libraries include their own copies of these functions, including glib, rsync, Samba, KDE, and the Linux kernel itself.

Criticism
GNU C Library maintainer Ulrich Drepper is among the critics of the <tt>strlcpy</tt> and <tt>strlcat</tt> functions; consequently these functions have not been added to glibc. Drepper argues that <tt>strlcpy</tt> and <tt>strlcat</tt> make truncation errors easier for a programmer to ignore and thus can introduce more bugs than they remove. His concern with possible truncation, when using any string function involving static allocation, is shared by others.

The alternative recommended by Drepper is:

Other criticisms are that the functions are non-standard and that there are implementation differences between the BSD and Solaris implementations (the return value of <tt>strlcat</tt>, when there is no NUL in the destination buffer, differs).