]>
Commit | Line | Data |
---|---|---|
fea681da MK |
1 | .\" Copyright (C) 1993 David Metcalfe (david@prism.demon.co.uk) |
2 | .\" | |
93015253 | 3 | .\" %%%LICENSE_START(VERBATIM) |
fea681da MK |
4 | .\" Permission is granted to make and distribute verbatim copies of this |
5 | .\" manual provided the copyright notice and this permission notice are | |
6 | .\" preserved on all copies. | |
7 | .\" | |
8 | .\" Permission is granted to copy and distribute modified versions of this | |
9 | .\" manual under the conditions for verbatim copying, provided that the | |
10 | .\" entire resulting derived work is distributed under the terms of a | |
11 | .\" permission notice identical to this one. | |
c13182ef | 12 | .\" |
fea681da MK |
13 | .\" Since the Linux kernel and libraries are constantly changing, this |
14 | .\" manual page may be incorrect or out-of-date. The author(s) assume no | |
15 | .\" responsibility for errors or omissions, or for damages resulting from | |
16 | .\" the use of the information contained herein. The author(s) may not | |
17 | .\" have taken the same level of care in the production of this manual, | |
18 | .\" which is licensed free of charge, as they might when working | |
19 | .\" professionally. | |
c13182ef | 20 | .\" |
fea681da MK |
21 | .\" Formatted or processed versions of this manual, if unaccompanied by |
22 | .\" the source, must acknowledge the copyright and authors of this work. | |
4b72fb64 | 23 | .\" %%%LICENSE_END |
fea681da MK |
24 | .\" |
25 | .\" References consulted: | |
26 | .\" Linux libc source code | |
27 | .\" Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991) | |
28 | .\" 386BSD man pages | |
29 | .\" Modified Sat Jul 24 18:06:49 1993 by Rik Faith (faith@cs.unc.edu) | |
30 | .\" Modified Fri Aug 25 23:17:51 1995 by Andries Brouwer (aeb@cwi.nl) | |
31 | .\" Modified Wed Dec 18 00:47:18 1996 by Andries Brouwer (aeb@cwi.nl) | |
616a8140 MK |
32 | .\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk |
33 | .\" Improve discussion of strncpy(). | |
fea681da | 34 | .\" |
9ba01802 | 35 | .TH STRCPY 3 2019-03-06 "GNU" "Linux Programmer's Manual" |
fea681da MK |
36 | .SH NAME |
37 | strcpy, strncpy \- copy a string | |
38 | .SH SYNOPSIS | |
39 | .nf | |
40 | .B #include <string.h> | |
68e4db0a | 41 | .PP |
fea681da | 42 | .BI "char *strcpy(char *" dest ", const char *" src ); |
68e4db0a | 43 | .PP |
fea681da MK |
44 | .BI "char *strncpy(char *" dest ", const char *" src ", size_t " n ); |
45 | .fi | |
46 | .SH DESCRIPTION | |
60a90ecd MK |
47 | The |
48 | .BR strcpy () | |
46d8df8e MK |
49 | function copies the string pointed to by |
50 | .IR src , | |
d1a71985 | 51 | including the terminating null byte (\(aq\e0\(aq), |
46d8df8e MK |
52 | to the buffer pointed to by |
53 | .IR dest . | |
1c44bd5b | 54 | The strings may not overlap, and the destination string |
46d8df8e MK |
55 | .I dest |
56 | must be large enough to receive the copy. | |
50a24bbc MK |
57 | .IR "Beware of buffer overruns!" |
58 | (See BUGS.) | |
fea681da | 59 | .PP |
60a90ecd MK |
60 | The |
61 | .BR strncpy () | |
616a8140 | 62 | function is similar, except that at most |
46d8df8e MK |
63 | .I n |
64 | bytes of | |
65 | .I src | |
66 | are copied. | |
616a8140 MK |
67 | .BR Warning : |
68 | If there is no null byte | |
46d8df8e MK |
69 | among the first |
70 | .I n | |
71 | bytes of | |
72 | .IR src , | |
73 | the string placed in | |
74 | .I dest | |
75 | will not be null-terminated. | |
fea681da | 76 | .PP |
616a8140 | 77 | If the length of |
fea681da | 78 | .I src |
616a8140 | 79 | is less than |
fea681da | 80 | .IR n , |
a638bc3b | 81 | .BR strncpy () |
11c85ed8 | 82 | writes additional null bytes to |
fea681da | 83 | .I dest |
cd90222a MK |
84 | to ensure that a total of |
85 | .I n | |
86 | bytes are written. | |
616a8140 MK |
87 | .PP |
88 | A simple implementation of | |
89 | .BR strncpy () | |
90 | might be: | |
e646a1ba | 91 | .PP |
088a639b | 92 | .in +4n |
e646a1ba | 93 | .EX |
83e5bed5 MK |
94 | char * |
95 | strncpy(char *dest, const char *src, size_t n) | |
96 | { | |
616a8140 MK |
97 | size_t i; |
98 | ||
d1a71985 | 99 | for (i = 0; i < n && src[i] != \(aq\e0\(aq; i++) |
616a8140 | 100 | dest[i] = src[i]; |
83e5bed5 | 101 | for ( ; i < n; i++) |
d1a71985 | 102 | dest[i] = \(aq\e0\(aq; |
616a8140 MK |
103 | |
104 | return dest; | |
105 | } | |
b8302363 | 106 | .EE |
616a8140 | 107 | .in |
47297adb | 108 | .SH RETURN VALUE |
60a90ecd MK |
109 | The |
110 | .BR strcpy () | |
111 | and | |
112 | .BR strncpy () | |
113 | functions return a pointer to | |
46d8df8e MK |
114 | the destination string |
115 | .IR dest . | |
21b49240 | 116 | .SH ATTRIBUTES |
5d876bea PH |
117 | For an explanation of the terms used in this section, see |
118 | .BR attributes (7). | |
119 | .TS | |
120 | allbox; | |
121 | lbw19 lb lb | |
122 | l l l. | |
123 | Interface Attribute Value | |
124 | T{ | |
125 | .BR strcpy (), | |
21b49240 | 126 | .BR strncpy () |
5d876bea PH |
127 | T} Thread safety MT-Safe |
128 | .TE | |
47297adb | 129 | .SH CONFORMING TO |
1f3be1bf | 130 | POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD. |
616a8140 MK |
131 | .SH NOTES |
132 | Some programmers consider | |
133 | .BR strncpy () | |
134 | to be inefficient and error prone. | |
135 | If the programmer knows (i.e., includes code to test!) | |
46d8df8e MK |
136 | that the size of |
137 | .I dest | |
138 | is greater than | |
139 | the length of | |
140 | .IR src , | |
141 | then | |
616a8140 MK |
142 | .BR strcpy () |
143 | can be used. | |
847e0d88 | 144 | .PP |
bb96fc35 MK |
145 | One valid (and intended) use of |
146 | .BR strncpy () | |
147 | is to copy a C string to a fixed-length buffer | |
148 | while ensuring both that the buffer is not overflowed | |
a12b3059 | 149 | and that unused bytes in the destination buffer are zeroed out |
1de7d4a1 | 150 | (perhaps to prevent information leaks if the buffer is to be |
bb96fc35 MK |
151 | written to media or transmitted to another process via an |
152 | interprocess communication technique). | |
847e0d88 | 153 | .PP |
46d8df8e MK |
154 | If there is no terminating null byte in the first |
155 | .I n | |
156 | bytes of | |
157 | .IR src , | |
616a8140 | 158 | .BR strncpy () |
46d8df8e MK |
159 | produces an unterminated string in |
160 | .IR dest . | |
3f89ae77 MK |
161 | If |
162 | .I buf | |
163 | has length | |
164 | .IR buflen , | |
165 | you can force termination using something like the following: | |
e646a1ba | 166 | .PP |
088a639b | 167 | .in +4n |
e646a1ba | 168 | .EX |
85bbb2a2 MK |
169 | if (buflen > 0) { |
170 | strncpy(buf, str, buflen \- 1); | |
d1a71985 | 171 | buf[buflen \- 1]= \(aq\e0\(aq; |
85bbb2a2 | 172 | } |
b8302363 | 173 | .EE |
616a8140 | 174 | .in |
276d73b6 | 175 | .PP |
3f89ae77 | 176 | (Of course, the above technique ignores the fact that, if |
276d73b6 | 177 | .I src |
3f89ae77 MK |
178 | contains more than |
179 | .I "buflen\ \-\ 1" | |
180 | bytes, information is lost in the copying to | |
276d73b6 | 181 | .IR dest .) |
159c95e1 MK |
182 | .\" |
183 | .SS strlcpy() | |
bb96fc35 | 184 | Some systems (the BSDs, Solaris, and others) provide the following function: |
847e0d88 | 185 | .PP |
bb96fc35 | 186 | size_t strlcpy(char *dest, const char *src, size_t size); |
847e0d88 | 187 | .PP |
bb96fc35 MK |
188 | .\" http://static.usenix.org/event/usenix99/full_papers/millert/millert_html/index.html |
189 | .\" "strlcpy and strlcat - consistent, safe, string copy and concatenation" | |
190 | .\" 1999 USENIX Annual Technical Conference | |
191 | This function is similar to | |
192 | .BR strncpy (), | |
193 | but it copies at most | |
194 | .I size\-1 | |
11c85ed8 | 195 | bytes to |
bb96fc35 MK |
196 | .IR dest , |
197 | always adds a terminating null byte, | |
a12b3059 | 198 | and does not pad the destination with (further) null bytes. |
bb96fc35 MK |
199 | This function fixes some of the problems of |
200 | .BR strcpy () | |
201 | and | |
202 | .BR strncpy (), | |
203 | but the caller must still handle the possibility of data loss if | |
204 | .I size | |
205 | is too small. | |
206 | The return value of the function is the length of | |
207 | .IR src , | |
208 | which allows truncation to be easily detected: | |
209 | if the return value is greater than or equal to | |
210 | .IR size , | |
211 | truncation occurred. | |
212 | If loss of data matters, the caller | |
213 | .I must | |
214 | either check the arguments before the call, | |
215 | or test the function return value. | |
216 | .BR strlcpy () | |
217 | is not present in glibc and is not standardized by POSIX, | |
218 | .\" https://lwn.net/Articles/506530/ | |
219 | but is available on Linux via the | |
220 | .IR libbsd | |
221 | library. | |
fea681da | 222 | .SH BUGS |
60a90ecd MK |
223 | If the destination string of a |
224 | .BR strcpy () | |
9031fc7a JS |
225 | is not large enough, then anything might happen. |
226 | Overflowing fixed-length string buffers is a favorite cracker technique | |
227 | for taking complete control of the machine. | |
228 | Any time a program reads or copies data into a buffer, | |
229 | the program first needs to check that there's enough space. | |
230 | This may be unnecessary if you can show that overflow is impossible, | |
231 | but be careful: programs can get changed over time, | |
232 | in ways that may make the impossible possible. | |
47297adb | 233 | .SH SEE ALSO |
fea681da MK |
234 | .BR bcopy (3), |
235 | .BR memccpy (3), | |
236 | .BR memcpy (3), | |
237 | .BR memmove (3), | |
2cd33eb5 | 238 | .BR stpcpy (3), |
f4d305c9 | 239 | .BR stpncpy (3), |
c7a20d46 | 240 | .BR strdup (3), |
3e5c319e | 241 | .BR string (3), |
fea681da MK |
242 | .BR wcscpy (3), |
243 | .BR wcsncpy (3) |