Module Name: src Committed By: riastradh Date: Fri Aug 11 11:51:54 UTC 2023
Modified Files: src/lib/libc/string: strncpy.3 Log Message: strncpy(3): Qualify example of strlcpy(3) with a major caveat. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/lib/libc/string/strncpy.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/lib/libc/string/strncpy.3 diff -u src/lib/libc/string/strncpy.3:1.1 src/lib/libc/string/strncpy.3:1.2 --- src/lib/libc/string/strncpy.3:1.1 Fri Aug 11 09:39:39 2023 +++ src/lib/libc/string/strncpy.3 Fri Aug 11 11:51:54 2023 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" from: @(#)strcpy.3 8.1 (Berkeley) 6/4/93 -.\" $NetBSD: strncpy.3,v 1.1 2023/08/11 09:39:39 riastradh Exp $ +.\" $NetBSD: strncpy.3,v 1.2 2023/08/11 11:51:54 riastradh Exp $ .\" .Dd August 11, 2023 .Dt STRNCPY 3 @@ -158,9 +158,12 @@ char buf[1024]; buf[sizeof(buf) - 1] = '\e0'; .Ed .Pp -This could be better and more simply achieved using -.Xr strlcpy 3 , -as shown in the following example: +If +.Va buf +need only be be NUL-terminated, not fully initialized with NUL padding, +this could be achieved using +.Xr strlcpy 3 +as follows: .Bd -literal -offset indent (void)strlcpy(buf, input, sizeof(buf)); .Ed @@ -169,6 +172,22 @@ Note that because .Xr strlcpy 3 is not defined in any standards, it should only be used when portability is not a concern. +.Pp +.Sy WARNING : +Because +.Xr strlcpy 3 +does not fully initialize +.Fa dst , +it is +.Em not +a safe NUL-terminating replacement for +.Fn strncpy +if the buffer is not separately zero-initialized. +Naively replacing +.Fn strncpy +by +.Xr strlcpy 3 +can lead to disclosure of secrets from uninitialized memory. .Sh SEE ALSO .Xr bcopy 3 , .Xr memccpy 3 ,