1 .\" Copyright (C) 1993 David Metcalfe (david@prism.demon.co.uk)
3 .\" Permission is granted to make and distribute verbatim copies of this
4 .\" manual provided the copyright notice and this permission notice are
5 .\" preserved on all copies.
7 .\" Permission is granted to copy and distribute modified versions of this
8 .\" manual under the conditions for verbatim copying, provided that the
9 .\" entire resulting derived work is distributed under the terms of a
10 .\" permission notice identical to this one.
12 .\" Since the Linux kernel and libraries are constantly changing, this
13 .\" manual page may be incorrect or out-of-date. The author(s) assume no
14 .\" responsibility for errors or omissions, or for damages resulting from
15 .\" the use of the information contained herein. The author(s) may not
16 .\" have taken the same level of care in the production of this manual,
17 .\" which is licensed free of charge, as they might when working
20 .\" Formatted or processed versions of this manual, if unaccompanied by
21 .\" the source, must acknowledge the copyright and authors of this work.
23 .\" References consulted:
24 .\" Linux libc source code
25 .\" Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
27 .\" Modified Sat Jul 24 18:06:49 1993 by Rik Faith (faith@cs.unc.edu)
28 .\" Modified Fri Aug 25 23:17:51 1995 by Andries Brouwer (aeb@cwi.nl)
29 .\" Modified Wed Dec 18 00:47:18 1996 by Andries Brouwer (aeb@cwi.nl)
30 .\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk
31 .\" Improve discussion of strncpy().
33 .TH STRCPY 3 2012-07-19 "GNU" "Linux Programmer's Manual"
35 strcpy, strncpy \- copy a string
38 .B #include <string.h>
40 .BI "char *strcpy(char *" dest ", const char *" src );
42 .BI "char *strncpy(char *" dest ", const char *" src ", size_t " n );
47 function copies the string pointed to by \fIsrc\fP,
48 including the terminating null byte (\(aq\\0\(aq),
49 to the buffer pointed to by \fIdest\fP.
50 The strings may not overlap, and the destination string
51 \fIdest\fP must be large enough to receive the copy.
52 .IR "Beware of buffer overruns!"
57 function is similar, except that at most
58 \fIn\fP bytes of \fIsrc\fP are copied.
60 If there is no null byte
61 among the first \fIn\fP bytes of \fIsrc\fP,
62 the string placed in \fIdest\fP will not be null-terminated.
69 writes additional null bytes to
71 to ensure that a total of
75 A simple implementation of
82 strncpy(char *dest, const char *src, size_t n)
86 for (i = 0; i < n && src[i] != \(aq\\0\(aq; i++)
89 dest[i] = \(aq\\0\(aq;
100 functions return a pointer to
101 the destination string \fIdest\fP.
103 SVr4, 4.3BSD, C89, C99.
105 Some programmers consider
107 to be inefficient and error prone.
108 If the programmer knows (i.e., includes code to test!)
109 that the size of \fIdest\fP is greater than
110 the length of \fIsrc\fP, then
114 One valid (and intended) use of
116 is to copy a C string to a fixed-length buffer
117 while ensuring both that the buffer is not overflowed
118 and that unused bytes in the target buffer are zeroed out
119 (perhaps to prevent information leaks if the buffer is to be
120 written to media or transmitted to another process via an
121 interprocess communication technique).
123 If there is no terminating null byte in the first \fIn\fP
126 produces an unterminated string in \fIdest\fP.
127 You can force termination using something like the following:
131 strncpy(buf, str, n);
133 buf[n \- 1]= \(aq\\0\(aq;
137 (Of course, the above technique ignores the fact that
138 information contained in
140 is lost in the copying to
143 Some systems (the BSDs, Solaris, and others) provide the following function:
145 size_t strlcpy(char *dest, const char *src, size_t size);
147 .\" http://static.usenix.org/event/usenix99/full_papers/millert/millert_html/index.html
148 .\" "strlcpy and strlcat - consistent, safe, string copy and concatenation"
149 .\" 1999 USENIX Annual Technical Conference
150 This function is similar to
152 but it copies at most
156 always adds a terminating null byte,
157 and does not pad the target with (further) null bytes.
158 This function fixes some of the problems of
162 but the caller must still handle the possibility of data loss if
165 The return value of the function is the length of
167 which allows truncation to be easily detected:
168 if the return value is greater than or equal to
171 If loss of data matters, the caller
173 either check the arguments before the call,
174 or test the function return value.
176 is not present in glibc and is not standardized by POSIX,
177 .\" https://lwn.net/Articles/506530/
178 but is available on Linux via the
182 If the destination string of a
184 is not large enough, then anything might happen.
185 Overflowing fixed-length string buffers is a favorite cracker technique
186 for taking complete control of the machine.
187 Any time a program reads or copies data into a buffer,
188 the program first needs to check that there's enough space.
189 This may be unnecessary if you can show that overflow is impossible,
190 but be careful: programs can get changed over time,
191 in ways that may make the impossible possible.