strncpy and other major problems are still not overflow, but full of the buffer is not added 0 terminator, previously in the project itself also wrote a safe_strcpy now found already
http://blog.csdn.net/linyt/article/details/4383328
Look for a bit, the code can be in the Libbsd inside
/* * Appends src to string dst of size siz (unlike strncat, siz is the * full size of dst, not space left). At most siz-1 characters * will be copied. Always NUL terminates (unless siz <= strlen(dst)). * Returns strlen(src) + MIN(siz, strlen(initial dst)). * If retval >= siz, truncation occurred. */size_tstrlcat(char*dst, constchar*src, size_tsiz){ char*d = dst; constchar*s = src; size_tn = siz; size_tdlen; /* Find the end of dst and adjust bytes left but don‘t go past end */ while(n-- != 0 && *d != ‘\0‘) d++; dlen = d - dst; n = siz - dlen; if(n == 0) return(dlen + strlen(s)); while(*s != ‘\0‘) { if(n != 1) { *d++ = *s; n--; } s++; } *d = ‘\0‘; return(dlen + (s - src)); /* count does not include NUL */}/* * Copy src to string dst of size siz. At most siz-1 characters * will be copied. Always NUL terminates (unless siz == 0). * Returns strlen(src); if retval >= siz, truncation occurred. */size_tstrlcpy(char*dst, constchar*src, size_tsiz){ char*d = dst; constchar*s = src; size_tn = siz; /* Copy as many bytes as will fit */ if(n != 0) { while(--n != 0) { if((*d++ = *s++) == ‘\0‘) break; } } /* Not enough room in dst, add NUL and traverse rest of src */ if(n == 0) { if(siz != 0) *d = ‘\0‘; /* NUL-terminate dst */ while(*s++) ; } return(s - src - 1); /* count does not include NUL */} |
strlcpy and Strlcat
