Module Name:    src
Committed By:   riastradh
Date:           Fri Aug 11 11:51:54 UTC 2023

Modified Files:
        src/lib/libc/string: strncpy.3

Log Message:
strncpy(3): Qualify example of strlcpy(3) with a major caveat.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/lib/libc/string/strncpy.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/lib/libc/string/strncpy.3
diff -u src/lib/libc/string/strncpy.3:1.1 src/lib/libc/string/strncpy.3:1.2
--- src/lib/libc/string/strncpy.3:1.1	Fri Aug 11 09:39:39 2023
+++ src/lib/libc/string/strncpy.3	Fri Aug 11 11:51:54 2023
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     from: @(#)strcpy.3	8.1 (Berkeley) 6/4/93
-.\"	$NetBSD: strncpy.3,v 1.1 2023/08/11 09:39:39 riastradh Exp $
+.\"	$NetBSD: strncpy.3,v 1.2 2023/08/11 11:51:54 riastradh Exp $
 .\"
 .Dd August 11, 2023
 .Dt STRNCPY 3
@@ -158,9 +158,12 @@ char buf[1024];
 buf[sizeof(buf) - 1] = '\e0';
 .Ed
 .Pp
-This could be better and more simply achieved using
-.Xr strlcpy 3 ,
-as shown in the following example:
+If
+.Va buf
+need only be be NUL-terminated, not fully initialized with NUL padding,
+this could be achieved using
+.Xr strlcpy 3
+as follows:
 .Bd -literal -offset indent
 (void)strlcpy(buf, input, sizeof(buf));
 .Ed
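Review bot: The added line "need only be be NUL-terminated, not fully initialized with NUL padding," repeats the word "be"; it should read "need only be NUL-terminated". The rest of the rewording is fine, and dropping "better and more simply" matches the caveat this commit introduces.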
@@ -169,6 +172,22 @@ Note that because
 .Xr strlcpy 3
 is not defined in any standards, it should
 only be used when portability is not a concern.
+.Pp
+.Sy WARNING :
+Because
+.Xr strlcpy 3
+does not fully initialize
+.Fa dst ,
+it is
+.Em not
+a safe NUL-terminating replacement for
+.Fn strncpy
+if the buffer is not separately zero-initialized.
+Naively replacing
+.Fn strncpy
+by
+.Xr strlcpy 3
+can lead to disclosure of secrets from uninitialized memory.
 .Sh SEE ALSO
 .Xr bcopy 3 ,
 .Xr memccpy 3 ,
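Review bot: The WARNING paragraph lands after the portability note instead of directly under the strlcpy example it qualifies, so a reader who copies the example may never reach it. Consider moving it up to follow the example's ".Ed". It also says the replacement is unsafe "if the buffer is not separately zero-initialized" without saying what the reader should do. One more sentence would help, stating that the whole of dst must be zeroed before the strlcpy call, or strncpy kept, whenever the full buffer is exposed afterwards.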
