[thirdparty/man-pages.git] / man3 / strcpy.3

.\" Copyright (C) 1993 David Metcalfe (david@prism.demon.co.uk)
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a
.\" permission notice identical to this one.
.\"
.\" Since the Linux kernel and libraries are constantly changing, this
.\" manual page may be incorrect or out-of-date.  The author(s) assume no
.\" responsibility for errors or omissions, or for damages resulting from
.\" the use of the information contained herein.  The author(s) may not
.\" have taken the same level of care in the production of this manual,
.\" which is licensed free of charge, as they might when working
.\" professionally.
.\"
.\" Formatted or processed versions of this manual, if unaccompanied by
.\" the source, must acknowledge the copyright and authors of this work.
.\" %%%LICENSE_END
.\"
.\" References consulted:
.\"     Linux libc source code
.\"     Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
.\"     386BSD man pages
.\" Modified Sat Jul 24 18:06:49 1993 by Rik Faith (faith@cs.unc.edu)
.\" Modified Fri Aug 25 23:17:51 1995 by Andries Brouwer (aeb@cwi.nl)
.\" Modified Wed Dec 18 00:47:18 1996 by Andries Brouwer (aeb@cwi.nl)
.\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk
.\"     Improve discussion of strncpy().
.\"
.TH STRCPY 3  2019-03-06 "GNU" "Linux Programmer's Manual"
.SH NAME
strcpy, strncpy \- copy a string
.SH SYNOPSIS
.nf
.B #include <string.h>
.PP
.BI "char *strcpy(char *" dest ", const char *" src );
.PP
.BI "char *strncpy(char *" dest ", const char *" src ", size_t " n );
.fi
.SH DESCRIPTION
The
.BR strcpy ()
function copies the string pointed to by
.IR src ,
including the terminating null byte (\(aq\e0\(aq),
to the buffer pointed to by
.IR dest .
The strings may not overlap, and the destination string
.I dest
must be large enough to receive the copy.
.IR "Beware of buffer overruns!"
(See BUGS.)
.PP
The
.BR strncpy ()
function is similar, except that at most
.I n
bytes of
.I src
are copied.
.BR Warning :
If there is no null byte
among the first
.I n
bytes of
.IR src ,
the string placed in
.I dest
will not be null-terminated.
.PP
If the length of
.I src
is less than
.IR n ,
.BR strncpy ()
writes additional null bytes to
.I dest
to ensure that a total of
.I n
bytes are written.
.PP
A simple implementation of
.BR strncpy ()
might be:
.PP
.in +4n
.EX
char *
strncpy(char *dest, const char *src, size_t n)
{
    size_t i;

    for (i = 0; i < n && src[i] != \(aq\e0\(aq; i++)
        dest[i] = src[i];
    for ( ; i < n; i++)
        dest[i] = \(aq\e0\(aq;

    return dest;
}
.EE
.in
.SH RETURN VALUE
The
.BR strcpy ()
and
.BR strncpy ()
functions return a pointer to
the destination string
.IR dest .
.SH ATTRIBUTES
For an explanation of the terms used in this section, see
.BR attributes (7).
.TS
allbox;
lbw19 lb lb
l l l.
Interface	Attribute	Value
T{
.BR strcpy (),
.BR strncpy ()
T}	Thread safety	MT-Safe
.TE
.SH CONFORMING TO
POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
.SH NOTES
Some programmers consider
.BR strncpy ()
to be inefficient and error prone.
If the programmer knows (i.e., includes code to test!)
that the size of
.I dest
is greater than
the length of
.IR src ,
then
.BR strcpy ()
can be used.
.PP
One valid (and intended) use of
.BR strncpy ()
is to copy a C string to a fixed-length buffer
while ensuring both that the buffer is not overflowed
and that unused bytes in the destination buffer are zeroed out
(perhaps to prevent information leaks if the buffer is to be
written to media or transmitted to another process via an
interprocess communication technique).
.PP
If there is no terminating null byte in the first
.I n
bytes of
.IR src ,
.BR strncpy ()
produces an unterminated string in
.IR dest .
If
.I buf
has length
.IR buflen ,
you can force termination using something like the following:
.PP
.in +4n
.EX
if (buflen > 0) {
    strncpy(buf, str, buflen \- 1);
    buf[buflen \- 1]= \(aq\e0\(aq;
}
.EE
.in
.PP
(Of course, the above technique ignores the fact that, if
.I src
contains more than
.I "buflen\ \-\ 1"
bytes, information is lost in the copying to
.IR dest .)
.\"
.SS strlcpy()
Some systems (the BSDs, Solaris, and others) provide the following function:
.PP
    size_t strlcpy(char *dest, const char *src, size_t size);
.PP
.\" http://static.usenix.org/event/usenix99/full_papers/millert/millert_html/index.html
.\"     "strlcpy and strlcat - consistent, safe, string copy and concatenation"
.\"     1999 USENIX Annual Technical Conference
This function is similar to
.BR strncpy (),
but it copies at most
.I size\-1
bytes to
.IR dest ,
always adds a terminating null byte,
and does not pad the destination with (further) null bytes.
This function fixes some of the problems of
.BR strcpy ()
and
.BR strncpy (),
but the caller must still handle the possibility of data loss if
.I size
is too small.
The return value of the function is the length of
.IR src ,
which allows truncation to be easily detected:
if the return value is greater than or equal to
.IR size ,
truncation occurred.
If loss of data matters, the caller
.I must
either check the arguments before the call,
or test the function return value.
.BR strlcpy ()
is not present in glibc and is not standardized by POSIX,
.\" https://lwn.net/Articles/506530/
but is available on Linux via the
.IR libbsd
library.
.SH BUGS
If the destination string of a
.BR strcpy ()
is not large enough, then anything might happen.
Overflowing fixed-length string buffers is a favorite cracker technique
for taking complete control of the machine.
Any time a program reads or copies data into a buffer,
the program first needs to check that there's enough space.
This may be unnecessary if you can show that overflow is impossible,
but be careful: programs can get changed over time,
in ways that may make the impossible possible.
.SH SEE ALSO
.BR bcopy (3),
.BR memccpy (3),
.BR memcpy (3),
.BR memmove (3),
.BR stpcpy (3),
.BR stpncpy (3),
.BR strdup (3),
.BR string (3),
.BR wcscpy (3),
.BR wcsncpy (3)
Commit	Line	Data
fea681da MK	1	.\" Copyright (C) 1993 David Metcalfe (david@prism.demon.co.uk)
fea681da MK	2	.\"
93015253	3	.\" %%%LICENSE_START(VERBATIM)
fea681da MK	4	.\" Permission is granted to make and distribute verbatim copies of this
	5	.\" manual provided the copyright notice and this permission notice are
	6	.\" preserved on all copies.
	7	.\"
	8	.\" Permission is granted to copy and distribute modified versions of this
	9	.\" manual under the conditions for verbatim copying, provided that the
	10	.\" entire resulting derived work is distributed under the terms of a
	11	.\" permission notice identical to this one.
c13182ef	12	.\"
fea681da MK	13	.\" Since the Linux kernel and libraries are constantly changing, this
	14	.\" manual page may be incorrect or out-of-date. The author(s) assume no
	15	.\" responsibility for errors or omissions, or for damages resulting from
	16	.\" the use of the information contained herein. The author(s) may not
	17	.\" have taken the same level of care in the production of this manual,
	18	.\" which is licensed free of charge, as they might when working
	19	.\" professionally.
c13182ef	20	.\"
fea681da MK	21	.\" Formatted or processed versions of this manual, if unaccompanied by
fea681da MK	22	.\" the source, must acknowledge the copyright and authors of this work.
4b72fb64	23	.\" %%%LICENSE_END
fea681da MK	24	.\"
	25	.\" References consulted:
	26	.\" Linux libc source code
	27	.\" Lewine's _POSIX Programmer's Guide_ (O'Reilly & Associates, 1991)
	28	.\" 386BSD man pages
	29	.\" Modified Sat Jul 24 18:06:49 1993 by Rik Faith (faith@cs.unc.edu)
	30	.\" Modified Fri Aug 25 23:17:51 1995 by Andries Brouwer (aeb@cwi.nl)
	31	.\" Modified Wed Dec 18 00:47:18 1996 by Andries Brouwer (aeb@cwi.nl)
616a8140 MK	32	.\" 2007-06-15, Marc Boyer <marc.boyer@enseeiht.fr> + mtk
616a8140 MK	33	.\" Improve discussion of strncpy().
fea681da	34	.\"
9ba01802	35	.TH STRCPY 3 2019-03-06 "GNU" "Linux Programmer's Manual"
fea681da MK	36	.SH NAME
	37	strcpy, strncpy \- copy a string
	38	.SH SYNOPSIS
	39	.nf
	40	.B #include <string.h>
68e4db0a	41	.PP
fea681da	42	.BI "char strcpy(char " dest ", const char *" src );
68e4db0a	43	.PP
fea681da MK	44	.BI "char strncpy(char " dest ", const char *" src ", size_t " n );
	45	.fi
	46	.SH DESCRIPTION
60a90ecd MK	47	The
60a90ecd MK	48	.BR strcpy ()
46d8df8e MK	49	function copies the string pointed to by
46d8df8e MK	50	.IR src ,
d1a71985	51	including the terminating null byte (\(aq\e0\(aq),
46d8df8e MK	52	to the buffer pointed to by
46d8df8e MK	53	.IR dest .
1c44bd5b	54	The strings may not overlap, and the destination string
46d8df8e MK	55	.I dest
46d8df8e MK	56	must be large enough to receive the copy.
50a24bbc MK	57	.IR "Beware of buffer overruns!"
50a24bbc MK	58	(See BUGS.)
fea681da	59	.PP
60a90ecd MK	60	The
60a90ecd MK	61	.BR strncpy ()
616a8140	62	function is similar, except that at most
46d8df8e MK	63	.I n
	64	bytes of
	65	.I src
	66	are copied.
616a8140 MK	67	.BR Warning :
616a8140 MK	68	If there is no null byte
46d8df8e MK	69	among the first
	70	.I n
	71	bytes of
	72	.IR src ,
	73	the string placed in
	74	.I dest
	75	will not be null-terminated.
fea681da	76	.PP
616a8140	77	If the length of
fea681da	78	.I src
616a8140	79	is less than
fea681da	80	.IR n ,
a638bc3b	81	.BR strncpy ()
11c85ed8	82	writes additional null bytes to
fea681da	83	.I dest
cd90222a MK	84	to ensure that a total of
	85	.I n
	86	bytes are written.
616a8140 MK	87	.PP
	88	A simple implementation of
	89	.BR strncpy ()
	90	might be:
e646a1ba	91	.PP
088a639b	92	.in +4n
e646a1ba	93	.EX
83e5bed5 MK	94	char *
	95	strncpy(char dest, const char src, size_t n)
	96	{
616a8140 MK	97	size_t i;
616a8140 MK	98
d1a71985	99	for (i = 0; i < n && src[i] != \(aq\e0\(aq; i++)
616a8140	100	dest[i] = src[i];
83e5bed5	101	for ( ; i < n; i++)
d1a71985	102	dest[i] = \(aq\e0\(aq;
616a8140 MK	103
	104	return dest;
	105	}
b8302363	106	.EE
616a8140	107	.in
47297adb	108	.SH RETURN VALUE
60a90ecd MK	109	The
	110	.BR strcpy ()
	111	and
	112	.BR strncpy ()
	113	functions return a pointer to
46d8df8e MK	114	the destination string
46d8df8e MK	115	.IR dest .
21b49240	116	.SH ATTRIBUTES
5d876bea PH	117	For an explanation of the terms used in this section, see
	118	.BR attributes (7).
	119	.TS
	120	allbox;
	121	lbw19 lb lb
	122	l l l.
	123	Interface Attribute Value
	124	T{
	125	.BR strcpy (),
21b49240	126	.BR strncpy ()
5d876bea PH	127	T} Thread safety MT-Safe
5d876bea PH	128	.TE
47297adb	129	.SH CONFORMING TO
1f3be1bf	130	POSIX.1-2001, POSIX.1-2008, C89, C99, SVr4, 4.3BSD.
616a8140 MK	131	.SH NOTES
	132	Some programmers consider
	133	.BR strncpy ()
	134	to be inefficient and error prone.
	135	If the programmer knows (i.e., includes code to test!)
46d8df8e MK	136	that the size of
	137	.I dest
	138	is greater than
	139	the length of
	140	.IR src ,
	141	then
616a8140 MK	142	.BR strcpy ()
616a8140 MK	143	can be used.
847e0d88	144	.PP
bb96fc35 MK	145	One valid (and intended) use of
	146	.BR strncpy ()
	147	is to copy a C string to a fixed-length buffer
	148	while ensuring both that the buffer is not overflowed
a12b3059	149	and that unused bytes in the destination buffer are zeroed out
1de7d4a1	150	(perhaps to prevent information leaks if the buffer is to be
bb96fc35 MK	151	written to media or transmitted to another process via an
bb96fc35 MK	152	interprocess communication technique).
847e0d88	153	.PP
46d8df8e MK	154	If there is no terminating null byte in the first
	155	.I n
	156	bytes of
	157	.IR src ,
616a8140	158	.BR strncpy ()
46d8df8e MK	159	produces an unterminated string in
46d8df8e MK	160	.IR dest .
3f89ae77 MK	161	If
	162	.I buf
	163	has length
	164	.IR buflen ,
	165	you can force termination using something like the following:
e646a1ba	166	.PP
088a639b	167	.in +4n
e646a1ba	168	.EX
85bbb2a2 MK	169	if (buflen > 0) {
85bbb2a2 MK	170	strncpy(buf, str, buflen \- 1);
d1a71985	171	buf[buflen \- 1]= \(aq\e0\(aq;
85bbb2a2	172	}
b8302363	173	.EE
616a8140	174	.in
276d73b6	175	.PP
3f89ae77	176	(Of course, the above technique ignores the fact that, if
276d73b6	177	.I src
3f89ae77 MK	178	contains more than
	179	.I "buflen\ \-\ 1"
	180	bytes, information is lost in the copying to
276d73b6	181	.IR dest .)
159c95e1 MK	182	.\"
159c95e1 MK	183	.SS strlcpy()
bb96fc35	184	Some systems (the BSDs, Solaris, and others) provide the following function:
847e0d88	185	.PP
bb96fc35	186	size_t strlcpy(char dest, const char src, size_t size);
847e0d88	187	.PP
bb96fc35 MK	188	.\" http://static.usenix.org/event/usenix99/full_papers/millert/millert_html/index.html
	189	.\" "strlcpy and strlcat - consistent, safe, string copy and concatenation"
	190	.\" 1999 USENIX Annual Technical Conference
	191	This function is similar to
	192	.BR strncpy (),
	193	but it copies at most
	194	.I size\-1
11c85ed8	195	bytes to
bb96fc35 MK	196	.IR dest ,
bb96fc35 MK	197	always adds a terminating null byte,
a12b3059	198	and does not pad the destination with (further) null bytes.
bb96fc35 MK	199	This function fixes some of the problems of
	200	.BR strcpy ()
	201	and
	202	.BR strncpy (),
	203	but the caller must still handle the possibility of data loss if
	204	.I size
	205	is too small.
	206	The return value of the function is the length of
	207	.IR src ,
	208	which allows truncation to be easily detected:
	209	if the return value is greater than or equal to
	210	.IR size ,
	211	truncation occurred.
	212	If loss of data matters, the caller
	213	.I must
	214	either check the arguments before the call,
	215	or test the function return value.
	216	.BR strlcpy ()
	217	is not present in glibc and is not standardized by POSIX,
	218	.\" https://lwn.net/Articles/506530/
	219	but is available on Linux via the
	220	.IR libbsd
	221	library.
fea681da	222	.SH BUGS
60a90ecd MK	223	If the destination string of a
60a90ecd MK	224	.BR strcpy ()
9031fc7a JS	225	is not large enough, then anything might happen.
	226	Overflowing fixed-length string buffers is a favorite cracker technique
	227	for taking complete control of the machine.
	228	Any time a program reads or copies data into a buffer,
	229	the program first needs to check that there's enough space.
	230	This may be unnecessary if you can show that overflow is impossible,
	231	but be careful: programs can get changed over time,
	232	in ways that may make the impossible possible.
47297adb	233	.SH SEE ALSO
fea681da MK	234	.BR bcopy (3),
	235	.BR memccpy (3),
	236	.BR memcpy (3),
	237	.BR memmove (3),
2cd33eb5	238	.BR stpcpy (3),
f4d305c9	239	.BR stpncpy (3),
c7a20d46	240	.BR strdup (3),
3e5c319e	241	.BR string (3),
fea681da MK	242	.BR wcscpy (3),
fea681da MK	243	.BR wcsncpy (3)