1 files changed, 179 insertions, 0 deletions
diff --git a/src/lib/libc/string/strlcpy.3 b/src/lib/libc/string/strlcpy.3
new file mode 100644
index 0000000000..b392588879
--- /dev/null
+++ b/src/lib/libc/string/strlcpy.3
@@ -0,0 +1,179 @@
+.\" $OpenBSD: strlcpy.3,v 1.16 2003/06/17 21:56:24 millert Exp $
+.\"
+.\" Copyright (c) 1998, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd June 22, 1998
+.Dt STRLCPY 3
+.Os
+.Sh NAME
+.Nm strlcpy ,
+.Nm strlcat
+.Nd size-bounded string copying and concatenation
+.Sh SYNOPSIS
+.Fd #include <string.h>
+.Ft size_t
+.Fn strlcpy "char *dst" "const char *src" "size_t size"
+.Ft size_t
+.Fn strlcat "char *dst" "const char *src" "size_t size"
+.Sh DESCRIPTION
+The
+.Fn strlcpy
+and
+.Fn strlcat
+functions copy and concatenate strings respectively.
+They are designed
+to be safer, more consistent, and less error prone replacements for
+.Xr strncpy 3
+and
+.Xr strncat 3 .
+Unlike those functions,
+.Fn strlcpy
+and
+.Fn strlcat
+take the full size of the buffer (not just the length) and guarantee to
+NUL-terminate the result (as long as
+.Fa size
+is larger than 0 or, in the case of
+.Fn strlcat ,
+as long as there is at least one byte free in
+.Fa dst ) .
+Note that you should include a byte for the NUL in
+.Fa size .
+Also note that
+.Fn strlcpy
+and
+.Fn strlcat
+only operate on true
+.Dq C
+strings.
+This means that for
+.Fn strlcpy
+.Fa src
+must be NUL-terminated and for
+.Fn strlcat
+both
+.Fa src
+and
+.Fa dst
+must be NUL-terminated.
+.Pp
+The
+.Fn strlcpy
+function copies up to
+.Fa size
+- 1 characters from the NUL-terminated string
+.Fa src
+to
+.Fa dst ,
+NUL-terminating the result.
+.Pp
+The
+.Fn strlcat
+function appends the NUL-terminated string
+.Fa src
+to the end of
+.Fa dst .
+It will append at most
+.Fa size
+- strlen(dst) - 1 bytes, NUL-terminating the result.
+.Sh RETURN VALUES
+The
+.Fn strlcpy
+and
+.Fn strlcat
+functions return the total length of the string they tried to create.
+For
+.Fn strlcpy
+that means the length of
+.Fa src .
+For
+.Fn strlcat
+that means the initial length of
+.Fa dst
+plus
+the length of
+.Fa src .
+While this may seem somewhat confusing it was done to make
+truncation detection simple.
+.Pp
+Note however, that if
+.Fn strlcat
+traverses
+.Fa size
+characters without finding a NUL, the length of the string is considered
+to be
+.Fa size
+and the destination string will not be NUL-terminated (since there was
+no space for the NUL).
+This keeps
+.Fn strlcat
+from running off the end of a string.
+In practice this should not happen (as it means that either
+.Fa size
+is incorrect or that
+.Fa dst
+is not a proper
+.Dq C
+string).
+The check exists to prevent potential security problems in incorrect code.
+.Sh EXAMPLES
+The following code fragment illustrates the simple case:
+.Bd -literal -offset indent
+char *s, *p, buf[BUFSIZ];
+\&...
+(void)strlcpy(buf, s, sizeof(buf));
+(void)strlcat(buf, p, sizeof(buf));
+.Ed
+.Pp
+To detect truncation, perhaps while building a pathname, something
+like the following might be used:
+.Bd -literal -offset indent
+char *dir, *file, pname[MAXPATHLEN];
+\&...
+if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
+        goto toolong;
+if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname))
+        goto toolong;
+.Ed
+.Pp
+Since we know how many characters we copied the first time, we can
+speed things up a bit by using a copy instead of an append:
+.Bd -literal -offset indent
+char *dir, *file, pname[MAXPATHLEN];
+size_t n;
+\&...
+n = strlcpy(pname, dir, sizeof(pname));
+if (n >= sizeof(pname))
+        goto toolong;
+if (strlcpy(pname + n, file, sizeof(pname) - n) >= sizeof(pname) - n)
+        goto toolong;
+.Ed
+.Pp
+However, one may question the validity of such optimizations, as they
+defeat the whole purpose of
+.Fn strlcpy
+and
+.Fn strlcat .
+As a matter of fact, the first version of this manual page got it wrong.
+.Sh SEE ALSO
+.Xr snprintf 3 ,
+.Xr strncat 3 ,
+.Xr strncpy 3

diff --git a/src/lib/libc/string/strlcpy.3 b/src/lib/libc/string/strlcpy.3 new file mode 100644 index 0000000000..b392588879 --- /dev/null +++ b/src/lib/libc/string/strlcpy.3
@@ -0,0 +1,179 @@
	1	.\" $OpenBSD: strlcpy.3,v 1.16 2003/06/17 21:56:24 millert Exp $
	2	.\"
	3	.\" Copyright (c) 1998, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd June 22, 1998
	18	.Dt STRLCPY 3
	19	.Os
	20	.Sh NAME
	21	.Nm strlcpy ,
	22	.Nm strlcat
	23	.Nd size-bounded string copying and concatenation
	24	.Sh SYNOPSIS
	25	.Fd #include <string.h>
	26	.Ft size_t
	27	.Fn strlcpy "char dst" "const char src" "size_t size"
	28	.Ft size_t
	29	.Fn strlcat "char dst" "const char src" "size_t size"
	30	.Sh DESCRIPTION
	31	The
	32	.Fn strlcpy
	33	and
	34	.Fn strlcat
	35	functions copy and concatenate strings respectively.
	36	They are designed
	37	to be safer, more consistent, and less error prone replacements for
	38	.Xr strncpy 3
	39	and
	40	.Xr strncat 3 .
	41	Unlike those functions,
	42	.Fn strlcpy
	43	and
	44	.Fn strlcat
	45	take the full size of the buffer (not just the length) and guarantee to
	46	NUL-terminate the result (as long as
	47	.Fa size
	48	is larger than 0 or, in the case of
	49	.Fn strlcat ,
	50	as long as there is at least one byte free in
	51	.Fa dst ) .
	52	Note that you should include a byte for the NUL in
	53	.Fa size .
	54	Also note that
	55	.Fn strlcpy
	56	and
	57	.Fn strlcat
	58	only operate on true
	59	.Dq C
	60	strings.
	61	This means that for
	62	.Fn strlcpy
	63	.Fa src
	64	must be NUL-terminated and for
	65	.Fn strlcat
	66	both
	67	.Fa src
	68	and
	69	.Fa dst
	70	must be NUL-terminated.
	71	.Pp
	72	The
	73	.Fn strlcpy
	74	function copies up to
	75	.Fa size
	76	- 1 characters from the NUL-terminated string
	77	.Fa src
	78	to
	79	.Fa dst ,
	80	NUL-terminating the result.
	81	.Pp
	82	The
	83	.Fn strlcat
	84	function appends the NUL-terminated string
	85	.Fa src
	86	to the end of
	87	.Fa dst .
	88	It will append at most
	89	.Fa size
	90	- strlen(dst) - 1 bytes, NUL-terminating the result.
	91	.Sh RETURN VALUES
	92	The
	93	.Fn strlcpy
	94	and
	95	.Fn strlcat
	96	functions return the total length of the string they tried to create.
	97	For
	98	.Fn strlcpy
	99	that means the length of
	100	.Fa src .
	101	For
	102	.Fn strlcat
	103	that means the initial length of
	104	.Fa dst
	105	plus
	106	the length of
	107	.Fa src .
	108	While this may seem somewhat confusing it was done to make
	109	truncation detection simple.
	110	.Pp
	111	Note however, that if
	112	.Fn strlcat
	113	traverses
	114	.Fa size
	115	characters without finding a NUL, the length of the string is considered
	116	to be
	117	.Fa size
	118	and the destination string will not be NUL-terminated (since there was
	119	no space for the NUL).
	120	This keeps
	121	.Fn strlcat
	122	from running off the end of a string.
	123	In practice this should not happen (as it means that either
	124	.Fa size
	125	is incorrect or that
	126	.Fa dst
	127	is not a proper
	128	.Dq C
	129	string).
	130	The check exists to prevent potential security problems in incorrect code.
	131	.Sh EXAMPLES
	132	The following code fragment illustrates the simple case:
	133	.Bd -literal -offset indent
	134	char s, p, buf[BUFSIZ];
	135
	136	\&...
	137
	138	(void)strlcpy(buf, s, sizeof(buf));
	139	(void)strlcat(buf, p, sizeof(buf));
	140	.Ed
	141	.Pp
	142	To detect truncation, perhaps while building a pathname, something
	143	like the following might be used:
	144	.Bd -literal -offset indent
	145	char dir, file, pname[MAXPATHLEN];
	146
	147	\&...
	148
	149	if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname))
	150	goto toolong;
	151	if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname))
	152	goto toolong;
	153	.Ed
	154	.Pp
	155	Since we know how many characters we copied the first time, we can
	156	speed things up a bit by using a copy instead of an append:
	157	.Bd -literal -offset indent
	158	char dir, file, pname[MAXPATHLEN];
	159	size_t n;
	160
	161	\&...
	162
	163	n = strlcpy(pname, dir, sizeof(pname));
	164	if (n >= sizeof(pname))
	165	goto toolong;
	166	if (strlcpy(pname + n, file, sizeof(pname) - n) >= sizeof(pname) - n)
	167	goto toolong;
	168	.Ed
	169	.Pp
	170	However, one may question the validity of such optimizations, as they
	171	defeat the whole purpose of
	172	.Fn strlcpy
	173	and
	174	.Fn strlcat .
	175	As a matter of fact, the first version of this manual page got it wrong.
	176	.Sh SEE ALSO
	177	.Xr snprintf 3 ,
	178	.Xr strncat 3 ,
	179	.Xr strncpy 3