2

What does the 'l' in strlcpy stand for? I'm certain after asking it will be horribly obvious but I can't seem to dredge up a solid answer anywhere.

rjs
  • 838
  • 2
  • 10
  • 21
  • 2
    You mean you can't find the answer in the [man pages](https://www.freebsd.org/cgi/man.cgi?query=strlcpy&sektion=3)? – Jeff Mercado Feb 04 '15 at 22:39
  • 2
    From [an answer to another SO question](http://stackoverflow.com/a/2115015/434551): "strlcpy is indeed a true limited-length copying function created for working with C-strings.". It seems the `l` in `strlcpy` stands for `limited-length`. – R Sahu Feb 04 '15 at 22:40
  • So it's purely to denote 'length'? I guess as a converse to 'number' / 'n' (`strncpy`) and the confusion surrounding that? – rjs Feb 04 '15 at 22:42
  • @Jeff Mercado, as I said (and had that open while asking) I was unfortunately certain it would be horribly obvious after asking. Thanks though! – rjs Feb 04 '15 at 22:43
  • I'm running ubuntu/linux version 14.04 and strlcpy is not even listed in the man/info pages. Where are the rest of you finding that function? – user3629249 Feb 04 '15 at 22:50
  • @user3629249: it is a (classic) BSD extension. (and it makes sense, since the caller already knows the 1st argument , which is returned by the standard `strcpy()` ) – wildplasser Feb 04 '15 at 22:51
  • I don't have any BSD distro either, but if you follow the link @JeffMercado gave above you can see the contents of the subsequent man page. – rjs Feb 04 '15 at 22:51
  • Just about any C programmer came up with their own "fixed version" of strcpy(). First time I saw it I went "this is completely borken" and wrote strfcpy(). f as in "fixed". So, erm, l as in "limited". – Hans Passant Feb 04 '15 at 23:00
  • 3
    Am I the only one around here who thinks `strcpy` isn't broken – M.M Feb 04 '15 at 23:01

1 Answers1

8

strlcpy was introduced at USENIX 1999 by Todd C. Miller and Theo de Raadt (OpenBSD project).

From the Proceedings paper, strlcpy and strlcat — Consistent, Safe, String Copy and Concatenation, in the abstract it is written:

The proposed replacement functions, strlcpy() and strlcat(), address these problems by presenting an API designed for safe string copies (see Figure 1 for function prototypes). Both functions guarantee NUL-termination, take as a length parameter the size of the string in bytes, and provide an easy way to detect truncation

It is therefore pretty obvious the l stands for length.

ouah
  • 142,963
  • 15
  • 272
  • 331
  • It was a time in history when the reference section in security papers always had [1] Aleph One paper on buffer overflows and [2] Bugtraq mailing listing link. – ouah Feb 04 '15 at 23:48