> there is also another point here: strlcpy is safer than strcpy > and strncpy because _if_ there is an overflow the string will
What happens if you pass an incorrect size to strlcpy?. Please, stop of saying stupid things. if (strlcpy(dst, src, nsrc) >= nsrc) error(); is equal to: if (nsrc >= ndst) error(); memcpy(dst, src, nsrc); but the code with strlcpy is slower and not portable. There is a reason why after 16 years strlcpy is not in any standard, no C11, no POSIX, and it is because it sucks a lot. >From my point of view the worst thing is that people believe that using strlcpy the code magically becomes secure, and this is a totally false security sensation. You have to check the return code, and it means that the code is totally equivalent to an explicit if. Look for example this case: deluser(strlcpy(dst, "user15", 4)); Since you are not checking any return code there you are not deleting the correct user, and this kind of attacks can be very easy of attack, more easier than stack overflow. In a previous mail you said that one of the reasons of using strlcpy was to avoid problems in the future due to modifications in the code. Did you think about it before writing it?. You can say that of _ANY_ operation in C, mainly with pointers and indexes, but strlcpy can not help at all in a situation like this: #define LENA 5 #define LENB 6 char sa[LENB]; f(sa); f(char s[LENB]) { strlcpy(s, "This is a very long string", LENB); } and now you have this patch: - char sa[LENB]; + char sa[LENA]; Do you see? strlcpy didn't help at all, and due to the false security sensation the programmer didn't dig to see all the side effects of changing the size of sa. C is a very low level language, and it is a language without support for strings, and the only way of writting correct code is to be very carefull and before doing any change check everything, and look for all the possible errors due to your change. And of course, strlcpy is also totally useless because you can do the same work with snprintf. Regards, PD: I don't want to begin a flame war, but please, stop of being a fan boy and think for yourself, try to find the strong points and what is propaganda.