Use somewhat harsher language and better examples; demonstrate that

non-dangerous use functions is difficult. ok guenther
author: deraadt <> 2014-04-19 11:30:40 +0000
committer: deraadt <> 2014-04-19 11:30:40 +0000
commit: 597610ccf04bbca4e88fac7988877d0a06e02211 (patch)
tree: fcfc398023e666979cbe5ad67cb1e398e980f095 /src/lib/libc/string/strncpy.3
parent: 442335bf77f2f6653794378cc53adb59bba1ed12 (diff)
download: openbsd-597610ccf04bbca4e88fac7988877d0a06e02211.tar.gz
openbsd-597610ccf04bbca4e88fac7988877d0a06e02211.tar.bz2
openbsd-597610ccf04bbca4e88fac7988877d0a06e02211.zip
1 files changed, 21 insertions, 36 deletions
diff --git a/src/lib/libc/string/strncpy.3 b/src/lib/libc/string/strncpy.3
index dd8ddb86fc..3a68a0bd5b 100644
--- a/src/lib/libc/string/strncpy.3
+++ b/src/lib/libc/string/strncpy.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: strncpy.3,v 1.1 2013/12/19 20:52:37 millert Exp $
+.\"     $OpenBSD: strncpy.3,v 1.2 2014/04/19 11:30:40 deraadt Exp $
 .\"
 .\" Copyright (c) 1990, 1991 The Regents of the University of California.
 .\" All rights reserved.
@@ -31,7 +31,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 19 2013 $
+.Dd $Mdocdate: April 19 2014 $
 .Dt STRNCPY 3
 .Os
 .Sh NAME
@@ -48,17 +48,16 @@ function copies not more than
 .Fa len
 characters from the string
 .Fa src
-to
+to the buffer
 .Fa dst .
 If
 .Fa src
 is less than
 .Fa len
 characters long,
-it appends
+it fills the remaining buffer with
 .Ql \e0
-characters for the rest of
+characters.
-.Fa len .
 If the length of
 .Fa src
 is greater than or equal to
@@ -68,6 +67,11 @@ will
 .Em not
 be NUL-terminated.
 .Pp
+.Fn strncpy
+.Em only
+NUL terminates the destination string when the length of the source
+string is less than the length parameter.
+.Pp
 If the
 .Fa src
 and
@@ -90,31 +94,17 @@ to
 The following sets
 .Va chararray
 to
-.Dq abcdef
+.Dq abcdef ,
-and does
+without a NUL-terminator:
-.Em not
-NUL terminate
-.Va chararray
-because the length of the source string is greater than or equal to the
-length parameter.
-.Fn strncpy
-.Em only
-NUL terminates the destination string when the length of the source
-string is less than the length parameter.
 .Bd -literal -offset indent
 (void)strncpy(chararray, "abcdefgh", 6);
 .Ed
 .Pp
-The following copies as many characters from
+The following sequence copies as many characters from
 .Va input
 to
 .Va buf
-as will fit and NUL terminates the result.
+as will fit, and then NUL terminates the result by hand:
-Because
-.Fn strncpy
-does
-.Em not
-guarantee to NUL terminate the string itself, it must be done by hand.
 .Bd -literal -offset indent
 char buf[BUFSIZ];
@@ -122,23 +112,18 @@ char buf[BUFSIZ];
 buf[sizeof(buf) - 1] = '\e0';
 .Ed
 .Pp
-Note that
+By now it is clear that
-.Xr strlcpy 3
+.Nm strncpy
-is a better choice for this kind of operation.
+is dangerously easy to misuse.
-The equivalent using
+The
 .Xr strlcpy 3
-is simply:
+function is safer for this kind of operation:
 .Bd -literal -offset indent
-(void)strlcpy(buf, input, sizeof(buf));
+if (strlcpy(buf, input, sizeof(buf)) >= sizeof(buf))
+        goto toolong;
 .Ed
 .Sh SEE ALSO
-.Xr bcopy 3 ,
-.Xr memccpy 3 ,
-.Xr memcpy 3 ,
-.Xr memmove 3 ,
-.Xr strcat 3 ,
 .Xr strlcpy 3 ,
-.Xr strncat 3 ,
 .Xr wcscpy 3 ,
 .Xr wcslcpy 3
 .Sh STANDARDS
author	deraadt <>	2014-04-19 11:30:40 +0000
committer	deraadt <>	2014-04-19 11:30:40 +0000
commit	597610ccf04bbca4e88fac7988877d0a06e02211 (patch)
tree	fcfc398023e666979cbe5ad67cb1e398e980f095 /src/lib/libc/string/strncpy.3
parent	442335bf77f2f6653794378cc53adb59bba1ed12 (diff)
download	openbsd-597610ccf04bbca4e88fac7988877d0a06e02211.tar.gz openbsd-597610ccf04bbca4e88fac7988877d0a06e02211.tar.bz2 openbsd-597610ccf04bbca4e88fac7988877d0a06e02211.zip

diff --git a/src/lib/libc/string/strncpy.3 b/src/lib/libc/string/strncpy.3 index dd8ddb86fc..3a68a0bd5b 100644 --- a/src/lib/libc/string/strncpy.3 +++ b/src/lib/libc/string/strncpy.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: strncpy.3,v 1.1 2013/12/19 20:52:37 millert Exp $	1	.\" $OpenBSD: strncpy.3,v 1.2 2014/04/19 11:30:40 deraadt Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 1990, 1991 The Regents of the University of California.	3	.\" Copyright (c) 1990, 1991 The Regents of the University of California.
4	.\" All rights reserved.	4	.\" All rights reserved.
@@ -31,7 +31,7 @@
31	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF	31	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32	.\" SUCH DAMAGE.	32	.\" SUCH DAMAGE.
33	.\"	33	.\"
34	.Dd $Mdocdate: December 19 2013 $	34	.Dd $Mdocdate: April 19 2014 $
35	.Dt STRNCPY 3	35	.Dt STRNCPY 3
36	.Os	36	.Os
37	.Sh NAME	37	.Sh NAME
@@ -48,17 +48,16 @@ function copies not more than
48	.Fa len	48	.Fa len
49	characters from the string	49	characters from the string
50	.Fa src	50	.Fa src
51	to	51	to the buffer
52	.Fa dst .	52	.Fa dst .
53	If	53	If
54	.Fa src	54	.Fa src
55	is less than	55	is less than
56	.Fa len	56	.Fa len
57	characters long,	57	characters long,
58	it appends	58	it fills the remaining buffer with
59	.Ql \e0	59	.Ql \e0
60	characters for the rest of	60	characters.
61	.Fa len .
62	If the length of	61	If the length of
63	.Fa src	62	.Fa src
64	is greater than or equal to	63	is greater than or equal to
@@ -68,6 +67,11 @@ will
68	.Em not	67	.Em not
69	be NUL-terminated.	68	be NUL-terminated.
70	.Pp	69	.Pp
		70	.Fn strncpy
		71	.Em only
		72	NUL terminates the destination string when the length of the source
		73	string is less than the length parameter.
		74	.Pp
71	If the	75	If the
72	.Fa src	76	.Fa src
73	and	77	and
@@ -90,31 +94,17 @@ to
90	The following sets	94	The following sets
91	.Va chararray	95	.Va chararray
92	to	96	to
93	.Dq abcdef	97	.Dq abcdef ,
94	and does	98	without a NUL-terminator:
95	.Em not
96	NUL terminate
97	.Va chararray
98	because the length of the source string is greater than or equal to the
99	length parameter.
100	.Fn strncpy
101	.Em only
102	NUL terminates the destination string when the length of the source
103	string is less than the length parameter.
104	.Bd -literal -offset indent	99	.Bd -literal -offset indent
105	(void)strncpy(chararray, "abcdefgh", 6);	100	(void)strncpy(chararray, "abcdefgh", 6);
106	.Ed	101	.Ed
107	.Pp	102	.Pp
108	The following copies as many characters from	103	The following sequence copies as many characters from
109	.Va input	104	.Va input
110	to	105	to
111	.Va buf	106	.Va buf
112	as will fit and NUL terminates the result.	107	as will fit, and then NUL terminates the result by hand:
113	Because
114	.Fn strncpy
115	does
116	.Em not
117	guarantee to NUL terminate the string itself, it must be done by hand.
118	.Bd -literal -offset indent	108	.Bd -literal -offset indent
119	char buf[BUFSIZ];	109	char buf[BUFSIZ];
120		110
@@ -122,23 +112,18 @@ char buf[BUFSIZ];
122	buf[sizeof(buf) - 1] = '\e0';	112	buf[sizeof(buf) - 1] = '\e0';
123	.Ed	113	.Ed
124	.Pp	114	.Pp
125	Note that	115	By now it is clear that
126	.Xr strlcpy 3	116	.Nm strncpy
127	is a better choice for this kind of operation.	117	is dangerously easy to misuse.
128	The equivalent using	118	The
129	.Xr strlcpy 3	119	.Xr strlcpy 3
130	is simply:	120	function is safer for this kind of operation:
131	.Bd -literal -offset indent	121	.Bd -literal -offset indent
132	(void)strlcpy(buf, input, sizeof(buf));	122	if (strlcpy(buf, input, sizeof(buf)) >= sizeof(buf))
		123	goto toolong;
133	.Ed	124	.Ed
134	.Sh SEE ALSO	125	.Sh SEE ALSO
135	.Xr bcopy 3 ,
136	.Xr memccpy 3 ,
137	.Xr memcpy 3 ,
138	.Xr memmove 3 ,
139	.Xr strcat 3 ,
140	.Xr strlcpy 3 ,	126	.Xr strlcpy 3 ,
141	.Xr strncat 3 ,
142	.Xr wcscpy 3 ,	127	.Xr wcscpy 3 ,
143	.Xr wcslcpy 3	128	.Xr wcslcpy 3
144	.Sh STANDARDS	129	.Sh STANDARDS