--- strcpy.3.orig 2010-04-28 23:38:50.000000000 -0700 +++ strcpy.3 2010-04-29 09:37:17.000000000 -0700 @@ -43,13 +43,27 @@ .Sh SYNOPSIS .In string.h .Ft char * -.Fn stpcpy "char * restrict dst" "const char * restrict src" +.Fo stpcpy +.Fa "char *s1" +.Fa "const char *s2" +.Fc .Ft char * -.Fn stpncpy "char * restrict dst" "const char * restrict src" "size_t len" +.Fo stpncpy +.Fa "char *restrict s1" +.Fa "const char *restrict s2" +.Fa "size_t n" +.Fc .Ft char * -.Fn strcpy "char * restrict dst" "const char * restrict src" +.Fo strcpy +.Fa "char *restrict s1" +.Fa "const char *restrict s2" +.Fc .Ft char * -.Fn strncpy "char * restrict dst" "const char * restrict src" "size_t len" +.Fo strncpy +.Fa "char *restrict s1" +.Fa "const char *restrict s2" +.Fa "size_t n" +.Fc .Sh DESCRIPTION The .Fn stpcpy @@ -57,38 +71,41 @@ and .Fn strcpy functions copy the string -.Fa src +.Fa s2 to -.Fa dst +.Fa s1 (including the terminating .Ql \e0 -character.) +character). .Pp The .Fn stpncpy and .Fn strncpy functions copy at most -.Fa len +.Fa n characters from -.Fa src +.Fa s2 into -.Fa dst . +.Fa s1 . If -.Fa src +.Fa s2 is less than -.Fa len +.Fa n characters long, the remainder of -.Fa dst +.Fa s1 is filled with .Ql \e0 characters. Otherwise, -.Fa dst +.Fa s1 is .Em not terminated. +.Pp +The source and destination strings should not overlap, as the +behavior is undefined. .Sh RETURN VALUES The .Fn strcpy @@ -96,7 +113,7 @@ and .Fn strncpy functions return -.Fa dst . +.Fa s1 . The .Fn stpcpy and @@ -104,15 +121,15 @@ and functions return a pointer to the terminating .Ql \e0 character of -.Fa dst . +.Fa s1 . If .Fn stpncpy does not terminate -.Fa dst +.Fa s1 with a .Dv NUL character, it instead returns a pointer to -.Li dst[n] +.Li s1[n] (which does not necessarily refer to a valid memory location.) .Sh EXAMPLES The following sets @@ -139,7 +156,7 @@ Note that it does .Em not .Tn NUL terminate -.Va chararray +.Va chararray , because the length of the source string is greater than or equal to the length argument. .Pp @@ -169,21 +186,26 @@ This could be better achieved using as shown in the following example: .Pp .Dl "(void)strlcpy(buf, input, sizeof(buf));" -.Pp -Note that because -.Xr strlcpy 3 -is not defined in any standards, it should -only be used when portability is not a concern. .Sh SECURITY CONSIDERATIONS The -.Fn strcpy -function is easily misused in a manner which enables malicious users +.Fn strcpy , +.Fn strncpy , +.Fn stpcpy , +and +.Fn stpncpy +functions are easily misused in a manner which enables malicious users to arbitrarily change a running program's functionality through a buffer overflow attack. (See the FSA and .Sx EXAMPLES . ) +.Pp +It is recommended that +.Xr strlcpy 3 +be used instead as a way to avoid such problems. +.Xr strlcpy 3 +is not defined in any standards, but it has been adopted by most major libc implementations. .Sh SEE ALSO .Xr bcopy 3 , .Xr memccpy 3 ,