From: DJ Delorie
To: geda-user AT delorie DOT com
Subject: Re: [geda-user] strncpy in pcb
In-Reply-To: <20230202154018.8BD4085E50B5@turkos.aspodata.se> (geda-user AT delorie DOT com)
Date: Thu, 02 Feb 2023 12:34:34 -0500

"karl AT aspodata DOT se [via geda-user AT delorie DOT com]" writes:

> Generally, it would be best to use the form:
> strncpy(dst,src,sizeof(dst)-1)

The problem with strncpy is that it doesn't always NUL-terminate the
destination, even in the case above.  If the source string length
happens to be the same as the specified size, no NUL is written, you
have a non-terminated string, and it's a security issue assuming it
doesn't just crash.

What is needed is a function that:

1. Copies the whole string, including NUL, if it fits, or

2. Fails safely if it doesn't.

strncpy can't be made to do that.  Neither can strlcpy for that matter.
strcpy_s can but it isn't generally available yet.

What we need is something like:

    #include <stdlib.h>
    #include <string.h>

    /* Copy s (source) into d (destination, l bytes); abort if it does not fit. */
    void
    pcb_strcpy (const char *s, char *d, size_t l)
    {
      size_t i = strlen (s);

      if (i + 1 <= l)
        memcpy (d, s, i + 1);   /* i + 1 includes the terminating NUL */
      else
        abort ();
    }
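
Added example, not part of the original message or of pcb's code: it runs the quoted `strncpy(dst,src,sizeof(dst)-1)` pattern on a buffer pre-filled with non-zero bytes to show when no NUL ends up in the destination, next to a checked copy. The names `strncpy_terminates` and `checked_strcpy`, the 8-byte buffer, and returning -1 instead of calling abort() are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf holds a NUL somewhere in its first size bytes. */
static int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* The quoted pattern, run on a buffer pre-filled with non-zero bytes,
   as stack or reused heap memory may be. Hypothetical helper. */
int strncpy_terminates(const char *src)
{
    char dst[8];
    memset(dst, 0xAA, sizeof(dst));
    strncpy(dst, src, sizeof(dst) - 1);
    return is_terminated(dst, sizeof(dst));
}

/* Hypothetical checked copy: 0 on success; -1 with dst left untouched
   when src plus its NUL does not fit (no silent truncation). */
int checked_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (len + 1 > dstsize)
        return -1;
    memcpy(dst, src, len + 1);   /* len + 1 copies the NUL as well */
    return 0;
}

int main(void)
{
    char dst[8];
    /* Constructed inputs of 6, 7 and 9 characters. */
    printf("strncpy, 6 chars: terminated=%d\n", strncpy_terminates("abcdef"));
    printf("strncpy, 7 chars: terminated=%d\n", strncpy_terminates("abcdefg"));
    printf("strncpy, 9 chars: terminated=%d\n", strncpy_terminates("abcdefghi"));
    printf("checked, 7 chars: %d\n", checked_strcpy(dst, sizeof(dst), "abcdefg"));
    printf("checked, 8 chars: %d\n", checked_strcpy(dst, sizeof(dst), "abcdefgh"));
    return 0;
}
```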