Philip Guenther wrote:
> On Fri, Dec 25, 2015 at 8:21 PM, Ricardo Mestre <[email protected]> wrote:
> > I made an inspection on userland tree and there are quite a few
> > applications still using strncpy(3) instead of strlcpy(3). Some of them
> > may never need that safety since the boundaries are always fixed,
> > nevertheless since strlcpy is a drop-in replacement it doesn't hurt to
> > use, plus it will always be safer than strncpy.
>
> strlcpy() is not a "drop-in replacement" for strncpy() for _all_
> circumstances. There are conditions under which strncpy()'s behavior
> is actually the expected and required. For example, to quote
> utmp(5)'s CAVEATS section:
>
>     The strings in the utmp and lastlog structures are not normal `C' strings
>     and are thus not guaranteed to be null terminated.
>
> The practice for those fields is to use strncpy() when filling them,
> both so that you don't leak garbage into bytes after the first NUL and
> to permit use of the full field width. Switching to strlcpy() would
> be wrong for both reasons.

Reminder that the lesser used strncat does not zero fill. strlcat is not identical, but much closer to an automatic replacement. Remaining strncat usage is more likely to be a mistake, imo. Possibly even a bug if the author assumed that it did zero the buffer.
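
The fixed-width field behaviour discussed in this thread, as an added example that is not part of the original messages or of any OpenBSD source: it fills the same dirty buffer with strncpy(), a strlcpy-style copy and strncat(), then measures how many old bytes survive after the first NUL and how much of the field width is usable. `NAMESZ`, `demo_strlcpy` (a local stand-in with strlcpy(3) semantics for libcs that lack it) and the helper names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAMESZ 8  /* constructed width standing in for a utmp-style field */

/* Local stand-in with strlcpy(3) semantics, for libcs that lack it. */
static size_t demo_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* strncpy(): uses the full width and zero-fills the remainder. */
void fill_strncpy(char *field, const char *s) { strncpy(field, s, NAMESZ); }
/* strlcpy-style: always terminates, leaves bytes after the NUL untouched. */
void fill_strlcpy(char *field, const char *s) { demo_strlcpy(field, s, NAMESZ); }
/* strncat() onto an empty string: terminates, but does not zero-fill. */
void fill_strncat(char *field, const char *s)
{
    field[0] = '\0';
    strncat(field, s, NAMESZ - 1);
}

/* Length of the stored string without assuming NUL termination. */
size_t field_len(const char *field)
{
    const char *nul = memchr(field, '\0', NAMESZ);
    return nul ? (size_t)(nul - field) : NAMESZ;
}

/* Count non-zero bytes left from earlier contents after the first NUL. */
size_t stale_bytes(const char *field)
{
    size_t stale = 0;
    for (size_t i = field_len(field); i < NAMESZ; i++)
        stale += field[i] != '\0';
    return stale;
}

int main(void)
{
    char f[NAMESZ];
    memset(f, 'X', NAMESZ); fill_strlcpy(f, "bob");
    printf("strlcpy-style copy leaves %zu stale bytes\n", stale_bytes(f));
    return 0;
}
```

Readers of such a field need a bounded scan like `field_len()`, since a full-width name written by strncpy() has no terminator.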
