Date: Fri, 10 Nov 2023 11:23:28 +0000
From: Jonny Grant
Subject: Re: strncpy clarify result may not be null terminated
To: Alejandro Colomar
Cc: Matthew House, linux-man, GNU C Library

On 09/11/2023 11:38, Alejandro Colomar wrote:
> Hi Jonny,
>
> On Thu, Nov 09, 2023 at 10:31:49AM +0000, Jonny Grant wrote:
>>> Probably the only way to solve the cleverness issue for good is to have an
>>> immediately-available, foolproof, performant set of string functions that
>>> are extremely straightforward to understand and use, flexible enough for
>>> any use case, and generally agreed to be the first choice for string
>>> manipulation.
>>
>> What's the best standardized function for C string copying in your
>
> strlcpy(3) will soon be standard. POSIX.1-202x (Issue 8) will add it,
> which is why it's been added recently to glibc. Hopefully, ISO C3x will
> follow (yeah, it's not like tomorrow).
>
>> opinion? They all seem to have drawbacks, strlcpy truncates (I'd
>> rather it rejected if it didn't have enough buffer - could cause
>> issues if the meaning of the string changed due to truncation, eg if
>> it was a file path). Other alternative functions aren't widely in use.
>
> If you are consistent in checking the return value of strlcpy(3) and
> reporting an error, it's the best standard alternative nowadays.
> snprintf(3), except for using int instead of size_t, has an equivalent
> API, and is in C99, in case that means something.
>
> If you would want to write something based on Michael Kerrisk's article,
> you could do this:
>
>     #include <string.h>
>     #include <sys/types.h>
>
>     ssize_t
>     strxcpy(char *restrict dst, char *restrict src, size_t dsize)
>     {
>         /* Reject when src plus its terminating NUL does not fit. */
>         if (strlen(src) >= dsize)
>             return -1;
>
>         strcpy(dst, src);
>         return strlen(dst);
>     }
>
> You may also want to calculate 'dsize' automagically, to avoid human
> error, in case it's an array, so you could write a macro on top of it:
>
>     #define STRXCPY(dst, src) strxcpy(dst, src, ARRAY_SIZE(dst))
>
> These are just small wrappers over standard functions, so you shouldn't
> have problems adding them to your project.
>
> This is my long term plan for shadow-utils, indeed. I'm first
> transforming strncpy(3) calls into strlcpy(3) to remove the superfluous
> padding, and later will use this strxcpy() to remove the truncated
> strings to avoid misinterpretation.
>
> Cheers,
> Alex
>
>>
>> Kind regards, Jonny
>

Yes, I like to look for a libc library function before writing my own wrapper, but I would consider something like strxcpy.

snprintf will truncate if not enough space, but will then return the number of bytes that would have been written had there not been truncation. So one could use snprintf on an array buffer on the stack, and then if truncation, discard the buffer and return an error, otherwise carry on using the string (that wasn't truncated).

Re strlcpy, I see the BSD man page gives some examples of how to check for truncation by strlcpy. Perhaps examples could be added to the Linux kernel man page.

https://man.freebsd.org/cgi/man.cgi?query=strlcat&sektion=3

Kind regards, Jonny
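
The snprintf(3) approach described in this message, as an added example that is not part of the original thread: the copy is rejected and the partial result discarded when it would not fit, and a second function shows the strncpy(3) behaviour named in the subject line. The names `copy_or_reject` and `strncpy_left_unterminated`, and the sample paths, are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst[dsize] with snprintf(3).
 * Returns the string length on success, or -1 if it did not fit;
 * on failure dst is emptied so no truncated string reaches the caller. */
int
copy_or_reject(char *dst, size_t dsize, const char *src)
{
	int n;

	if (dsize == 0)
		return -1;
	n = snprintf(dst, dsize, "%s", src);
	if (n < 0 || (size_t)n >= dsize) {
		dst[0] = '\0';	/* discard the truncated copy */
		return -1;
	}
	return n;
}

/* Returns 1 if strncpy(3) with limit n left no NUL in the first n bytes,
 * 0 if the result is terminated, -1 if n exceeds the scratch buffer. */
int
strncpy_left_unterminated(const char *src, size_t n)
{
	char buf[64];

	if (n > sizeof(buf))
		return -1;
	memset(buf, 'X', sizeof(buf));	/* make a missing NUL observable */
	strncpy(buf, src, n);
	return memchr(buf, '\0', n) == NULL;
}

int
main(void)
{
	char path[16];	/* constructed sample: deliberately small buffer */

	/* Fits: 11 bytes plus NUL. */
	printf("%d\n", copy_or_reject(path, sizeof(path), "/etc/passwd"));
	/* 18 bytes: truncation would name a different file, so reject. */
	printf("%d\n", copy_or_reject(path, sizeof(path), "/etc/passwd.backup"));
	/* strlen(src) >= n: strncpy writes no terminator. */
	printf("%d\n", strncpy_left_unterminated("abcdef", 4));
	return 0;
}
```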