I could point you to man pages, websites, etc, but ultimately what matters is the C standard itself. As part of the standard runtime library, the usage and behavior is defined in C99-ยง7.23.2.4 as: #include <string.h> char *strncpy(char * restrict s1, const char * restrict s2, size_t n); Description The strncpy function copies not more … Read more
Take a look at this site; it’s a fairly detailed explanation. Basically, strncpy() doesn’t require NUL termination, and is therefore susceptible to a variety of exploits.
strncpy() is not intended to be used as a safer strcpy(), it is supposed to be used to insert one string in the middle of another. All those “safe” string handling functions such as snprintf() and vsnprintf() are fixes that have been added in later standards to mitigate buffer overflow exploits etc. Wikipedia mentions strncat() … Read more
Firstly, strlcpy has never been intended as a secure version of strncpy (and strncpy has never been intended as a secure version of strcpy). These two functions are totally unrelated. strncpy is a function that has no relation to C-strings (i.e. null-terminated strings) at all. The fact that it has the str… prefix in its … Read more
The strncpy() function was designed with a very particular problem in mind: manipulating strings stored in the manner of original UNIX directory entries. These used a short fixed-sized array (14 bytes), and a nul-terminator was only used if the filename was shorter than the array. That’s what’s behind the two oddities of strncpy(): It doesn’t … Read more