The strlcpy function, developed by Todd C. Miller and Theo de Raadt for use in the C programming language, is intended to replace unsafe functions like strcpy and strncpy. It is designed to copy the contents of a string from a source string to a destination string.

    strlcpy(destination, source, size);

strlcpy offers two features that are designed to help software developers avoid problems. A string (of non-zero length) copied by strlcpy is always nul-terminated, making it simpler to locate the end of the string. The function takes the length of the destination, as a parameter, avoiding buffer overflows where a source string is bigger than a destination. For performance reasons, strlcpy does not fill any unused space in a destination string with zeros, unlike strncpy.

strlcpy was first introduced with OpenBSD version 2.4. It has subsequently been adopted by a number of operating systems including FreeBSD (from version 3.3), Solaris and Mac OS X.

Similarly, there is a secure variant of strcat, called strlcat.

External link

• strlcpy and strlcat--Consistent, Safe, String Copy and Concatenation - a paper written by Miller and de Raadt, presented at Usenix 99