[thirdparty/man-pages.git] / man3 / strcpy.3

.\" Copyright (C) 1993 David Metcalfe (david@prism.demon.co.uk)
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein.  The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.\"
.\" References consulted:
.\"     Linux libc source code
.\"     Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
.\"     386BSD man pages
.\" Modified Sat Jul 24 18:06:49 1993 by Rik Faith (faith@cs.unc.edu)
.\" Modified Fri Aug 25 23:17:51 1995 by Andries Brouwer (aeb@cwi.nl)
.\" Modified Wed Dec 18 00:47:18 1996 by Andries Brouwer (aeb@cwi.nl)
.\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk
.\"     Improve discussion of strncpy().
.\"
.TH STRCPY 3  2015-08-08 "GNU" "Linux Programmer's Manual"
.SH NAME
strcpy, strncpy \- copy a string
.SH SYNOPSIS
.nf
.B #include <string.h>
.sp
.BI "char *strcpy(char *" dest ", const char *" src );
.sp
.BI "char *strncpy(char *" dest ", const char *" src ", size_t " n );
.fi
.SH DESCRIPTION
The
.BR strcpy ()
function copies the string pointed to by
.IR src ,
including the terminating null byte (\(aq\\0\(aq),
to the buffer pointed to by
.IR dest .
The strings may not overlap, and the destination string
.I dest
must be large enough to receive the copy.
.IR "Beware of buffer overruns!"
(See BUGS.)
.PP
The
.BR strncpy ()
function is similar, except that at most
.I n
bytes of
.I src
are copied.
.BR Warning :
If there is no null byte
among the first
.I n
bytes of
.IR src ,
the string placed in
.I dest
will not be null-terminated.
.PP
If the length of
.I src
is less than
.IR n ,
.BR strncpy ()
writes additional null bytes to
.I dest
to ensure that a total of
.I n
bytes are written.
.PP
A simple implementation of
.BR strncpy ()
might be:
.in +4n
.nf

char *
strncpy(char *dest, const char *src, size_t n)
{
    size_t i;

    for (i = 0; i < n && src[i] != \(aq\\0\(aq; i++)
        dest[i] = src[i];
    for ( ; i < n; i++)
        dest[i] = \(aq\\0\(aq;

    return dest;
}
.fi
.in
.SH RETURN VALUE
The
.BR strcpy ()
and
.BR strncpy ()
functions return a pointer to
the destination string
.IR dest .
.SH ATTRIBUTES
For an explanation of the terms used in this section, see
.BR attributes (7).
.TS
allbox;
lbw19 lb lb
l l l.
Interface	Attribute	Value
T{
.BR strcpy (),
.BR strncpy ()
T}	Thread safety	MT-Safe
.TE
.SH CONFORMING TO
POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
.SH NOTES
Some programmers consider
.BR strncpy ()
to be inefficient and error prone.
If the programmer knows (i.e., includes code to test!)
that the size of
.I dest
is greater than
the length of
.IR src ,
then
.BR strcpy ()
can be used.

One valid (and intended) use of
.BR strncpy ()
is to copy a C string to a fixed-length buffer
while ensuring both that the buffer is not overflowed
and that unused bytes in the target buffer are zeroed out
(perhaps to prevent information leaks if the buffer is to be
written to media or transmitted to another process via an
interprocess communication technique).

If there is no terminating null byte in the first
.I n
bytes of
.IR src ,
.BR strncpy ()
produces an unterminated string in
.IR dest .
If
.I buf
has length
.IR buflen ,
you can force termination using something like the following:
.in +4n
.nf

strncpy(buf, str, buflen \- 1);
if (buflen > 0)
    buf[buflen \- 1]= \(aq\\0\(aq;
.fi
.in
.PP
(Of course, the above technique ignores the fact that, if
.I src
contains more than
.I "buflen\ \-\ 1"
bytes, information is lost in the copying to
.IR dest .)
.\"
.SS strlcpy()
Some systems (the BSDs, Solaris, and others) provide the following function:

    size_t strlcpy(char *dest, const char *src, size_t size);

.\" http://static.usenix.org/event/usenix99/full_papers/millert/millert_html/index.html
.\"     "strlcpy and strlcat - consistent, safe, string copy and concatenation"
.\"     1999 USENIX Annual Technical Conference
This function is similar to
.BR strncpy (),
but it copies at most
.I size\-1
bytes to
.IR dest ,
always adds a terminating null byte,
and does not pad the target with (further) null bytes.
This function fixes some of the problems of
.BR strcpy ()
and
.BR strncpy (),
but the caller must still handle the possibility of data loss if
.I size
is too small.
The return value of the function is the length of
.IR src ,
which allows truncation to be easily detected:
if the return value is greater than or equal to
.IR size ,
truncation occurred.
If loss of data matters, the caller
.I must
either check the arguments before the call,
or test the function return value.
.BR strlcpy ()
is not present in glibc and is not standardized by POSIX,
.\" https://lwn.net/Articles/506530/
but is available on Linux via the
.IR libbsd
library.
.SH BUGS
If the destination string of a
.BR strcpy ()
is not large enough, then anything might happen.
Overflowing fixed-length string buffers is a favorite cracker technique
for taking complete control of the machine.
Any time a program reads or copies data into a buffer,
the program first needs to check that there's enough space.
This may be unnecessary if you can show that overflow is impossible,
but be careful: programs can get changed over time,
in ways that may make the impossible possible.
.SH SEE ALSO
.BR bcopy (3),
.BR memccpy (3),
.BR memcpy (3),
.BR memmove (3),
.BR stpcpy (3),
.BR stpncpy (3),
.BR strdup (3),
.BR string (3),
.BR wcscpy (3),
.BR wcsncpy (3)
Commit	Line	Data
fea681da MK	1	.\" Copyright (C) 1993 David Metcalfe (david@prism.demon.co.uk)
fea681da MK	2	.\"
93015253	3	.\" %%%LICENSE_START(VERBATIM)
fea681da MK	4	.\" Permission is granted to make and distribute verbatim copies of this
	5	.\" manual provided the copyright notice and this permission notice are
	6	.\" preserved on all copies.
	7	.\"
	8	.\" Permission is granted to copy and distribute modified versions of this
	9	.\" manual under the conditions for verbatim copying, provided that the
	10	.\" entire resulting derived work is distributed under the terms of a
	11	.\" permission notice identical to this one.
c13182ef	12	.\"
fea681da MK	13	.\" Since the Linux kernel and libraries are constantly changing, this
	14	.\" manual page may be incorrect or out-of-date. The author(s) assume no
	15	.\" responsibility for errors or omissions, or for damages resulting from
	16	.\" the use of the information contained herein. The author(s) may not
	17	.\" have taken the same level of care in the production of this manual,
	18	.\" which is licensed free of charge, as they might when working
	19	.\" professionally.
c13182ef	20	.\"
fea681da MK	21	.\" Formatted or processed versions of this manual, if unaccompanied by
fea681da MK	22	.\" the source, must acknowledge the copyright and authors of this work.
4b72fb64	23	.\" %%%LICENSE_END
fea681da MK	24	.\"
	25	.\" References consulted:
	26	.\" Linux libc source code
	27	.\" Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
	28	.\" 386BSD man pages
	29	.\" Modified Sat Jul 24 18:06:49 1993 by Rik Faith (faith@cs.unc.edu)
	30	.\" Modified Fri Aug 25 23:17:51 1995 by Andries Brouwer (aeb@cwi.nl)
	31	.\" Modified Wed Dec 18 00:47:18 1996 by Andries Brouwer (aeb@cwi.nl)
616a8140 MK	32	.\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk
616a8140 MK	33	.\" Improve discussion of strncpy().
fea681da	34	.\"
460495ca	35	.TH STRCPY 3 2015-08-08 "GNU" "Linux Programmer's Manual"
fea681da MK	36	.SH NAME
	37	strcpy, strncpy \- copy a string
	38	.SH SYNOPSIS
	39	.nf
	40	.B #include <string.h>
	41	.sp
	42	.BI "char strcpy(char " dest ", const char *" src );
	43	.sp
	44	.BI "char strncpy(char " dest ", const char *" src ", size_t " n );
	45	.fi
	46	.SH DESCRIPTION
60a90ecd MK	47	The
60a90ecd MK	48	.BR strcpy ()
46d8df8e MK	49	function copies the string pointed to by
46d8df8e MK	50	.IR src ,
f81fb444	51	including the terminating null byte (\(aq\\0\(aq),
46d8df8e MK	52	to the buffer pointed to by
46d8df8e MK	53	.IR dest .
1c44bd5b	54	The strings may not overlap, and the destination string
46d8df8e MK	55	.I dest
46d8df8e MK	56	must be large enough to receive the copy.
50a24bbc MK	57	.IR "Beware of buffer overruns!"
50a24bbc MK	58	(See BUGS.)
fea681da	59	.PP
60a90ecd MK	60	The
60a90ecd MK	61	.BR strncpy ()
616a8140	62	function is similar, except that at most
46d8df8e MK	63	.I n
	64	bytes of
	65	.I src
	66	are copied.
616a8140 MK	67	.BR Warning :
616a8140 MK	68	If there is no null byte
46d8df8e MK	69	among the first
	70	.I n
	71	bytes of
	72	.IR src ,
	73	the string placed in
	74	.I dest
	75	will not be null-terminated.
fea681da	76	.PP
616a8140	77	If the length of
fea681da	78	.I src
616a8140	79	is less than
fea681da	80	.IR n ,
a638bc3b	81	.BR strncpy ()
11c85ed8	82	writes additional null bytes to
fea681da	83	.I dest
cd90222a MK	84	to ensure that a total of
	85	.I n
	86	bytes are written.
616a8140 MK	87	.PP
	88	A simple implementation of
	89	.BR strncpy ()
	90	might be:
088a639b	91	.in +4n
616a8140 MK	92	.nf
616a8140 MK	93
83e5bed5 MK	94	char *
	95	strncpy(char dest, const char src, size_t n)
	96	{
616a8140 MK	97	size_t i;
616a8140 MK	98
83e5bed5	99	for (i = 0; i < n && src[i] != \(aq\\0\(aq; i++)
616a8140	100	dest[i] = src[i];
83e5bed5	101	for ( ; i < n; i++)
f81fb444	102	dest[i] = \(aq\\0\(aq;
616a8140 MK	103
	104	return dest;
	105	}
	106	.fi
	107	.in
47297adb	108	.SH RETURN VALUE
60a90ecd MK	109	The
	110	.BR strcpy ()
	111	and
	112	.BR strncpy ()
	113	functions return a pointer to
46d8df8e MK	114	the destination string
46d8df8e MK	115	.IR dest .
21b49240	116	.SH ATTRIBUTES
5d876bea PH	117	For an explanation of the terms used in this section, see
	118	.BR attributes (7).
	119	.TS
	120	allbox;
	121	lbw19 lb lb
	122	l l l.
	123	Interface Attribute Value
	124	T{
	125	.BR strcpy (),
21b49240	126	.BR strncpy ()
5d876bea PH	127	T} Thread safety MT-Safe
5d876bea PH	128	.TE
47297adb	129	.SH CONFORMING TO
1f3be1bf	130	POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
616a8140 MK	131	.SH NOTES
	132	Some programmers consider
	133	.BR strncpy ()
	134	to be inefficient and error prone.
	135	If the programmer knows (i.e., includes code to test!)
46d8df8e MK	136	that the size of
	137	.I dest
	138	is greater than
	139	the length of
	140	.IR src ,
	141	then
616a8140 MK	142	.BR strcpy ()
	143	can be used.
	144
bb96fc35 MK	145	One valid (and intended) use of
	146	.BR strncpy ()
	147	is to copy a C string to a fixed-length buffer
	148	while ensuring both that the buffer is not overflowed
	149	and that unused bytes in the target buffer are zeroed out
1de7d4a1	150	(perhaps to prevent information leaks if the buffer is to be
bb96fc35 MK	151	written to media or transmitted to another process via an
	152	interprocess communication technique).
	153
46d8df8e MK	154	If there is no terminating null byte in the first
	155	.I n
	156	bytes of
	157	.IR src ,
616a8140	158	.BR strncpy ()
46d8df8e MK	159	produces an unterminated string in
46d8df8e MK	160	.IR dest .
3f89ae77 MK	161	If
	162	.I buf
	163	has length
	164	.IR buflen ,
	165	you can force termination using something like the following:
088a639b	166	.in +4n
616a8140 MK	167	.nf
616a8140 MK	168
3f89ae77 MK	169	strncpy(buf, str, buflen \- 1);
	170	if (buflen > 0)
	171	buf[buflen \- 1]= \(aq\\0\(aq;
616a8140 MK	172	.fi
616a8140 MK	173	.in
276d73b6	174	.PP
3f89ae77	175	(Of course, the above technique ignores the fact that, if
276d73b6	176	.I src
3f89ae77 MK	177	contains more than
	178	.I "buflen\ \-\ 1"
	179	bytes, information is lost in the copying to
276d73b6	180	.IR dest .)
159c95e1 MK	181	.\"
159c95e1 MK	182	.SS strlcpy()
bb96fc35 MK	183	Some systems (the BSDs, Solaris, and others) provide the following function:
	184
	185	size_t strlcpy(char dest, const char src, size_t size);
	186
	187	.\" http://static.usenix.org/event/usenix99/full_papers/millert/millert_html/index.html
	188	.\" "strlcpy and strlcat - consistent, safe, string copy and concatenation"
	189	.\" 1999 USENIX Annual Technical Conference
	190	This function is similar to
	191	.BR strncpy (),
	192	but it copies at most
	193	.I size\-1
11c85ed8	194	bytes to
bb96fc35 MK	195	.IR dest ,
	196	always adds a terminating null byte,
	197	and does not pad the target with (further) null bytes.
	198	This function fixes some of the problems of
	199	.BR strcpy ()
	200	and
	201	.BR strncpy (),
	202	but the caller must still handle the possibility of data loss if
	203	.I size
	204	is too small.
	205	The return value of the function is the length of
	206	.IR src ,
	207	which allows truncation to be easily detected:
	208	if the return value is greater than or equal to
	209	.IR size ,
	210	truncation occurred.
	211	If loss of data matters, the caller
	212	.I must
	213	either check the arguments before the call,
	214	or test the function return value.
	215	.BR strlcpy ()
	216	is not present in glibc and is not standardized by POSIX,
	217	.\" https://lwn.net/Articles/506530/
	218	but is available on Linux via the
	219	.IR libbsd
	220	library.
fea681da	221	.SH BUGS
60a90ecd MK	222	If the destination string of a
60a90ecd MK	223	.BR strcpy ()
9031fc7a JS	224	is not large enough, then anything might happen.
	225	Overflowing fixed-length string buffers is a favorite cracker technique
	226	for taking complete control of the machine.
	227	Any time a program reads or copies data into a buffer,
	228	the program first needs to check that there's enough space.
	229	This may be unnecessary if you can show that overflow is impossible,
	230	but be careful: programs can get changed over time,
	231	in ways that may make the impossible possible.
47297adb	232	.SH SEE ALSO
fea681da MK	233	.BR bcopy (3),
	234	.BR memccpy (3),
	235	.BR memcpy (3),
	236	.BR memmove (3),
2cd33eb5	237	.BR stpcpy (3),
f4d305c9	238	.BR stpncpy (3),
c7a20d46	239	.BR strdup (3),
3e5c319e	240	.BR string (3),
fea681da MK	241	.BR wcscpy (3),
fea681da MK	242	.BR wcsncpy (3)