Why is strncpy insecure?
Take a look at this site; it’s a fairly detailed explanation. Basically, strncpy() doesn’t require NUL termination, and is therefore susceptible to a variety of exploits.
strncpy() is not intended to be used as a safer strcpy(), it is supposed to be used to insert one string in the middle of another. All those “safe” string handling functions such as snprintf() and vsnprintf() are fixes that have been added in later standards to mitigate buffer overflow exploits etc. Wikipedia mentions strncat() …
Firstly, strlcpy has never been intended as a secure version of strncpy (and strncpy has never been intended as a secure version of strcpy). These two functions are totally unrelated. strncpy is a function that has no relation to C-strings (i.e. null-terminated strings) at all. The fact that it has the str… prefix in its …
The strncpy() function was designed with a very particular problem in mind: manipulating strings stored in the manner of original UNIX directory entries. These used a short fixed-sized array (14 bytes), and a nul-terminator was only used if the filename was shorter than the array. That’s what’s behind the two oddities of strncpy(): It doesn’t …
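The fixed-width field behaviour described in the answers above, as an added example that is not part of any of the original answers: it stores names in a 14-byte field with strncpy(), reads them back without assuming a terminator, and shows a bounded copy that always terminates. The names `DIRSIZ`, `field_len`, `field_set`, `field_to_cstr` and `copy_cstr` are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIRSIZ 14  /* assumed name: the 14-byte field width mentioned above */

/* Length of a name held in a fixed-width field that may have no NUL. */
size_t field_len(const char field[DIRSIZ])
{
    const char *nul = memchr(field, '\0', DIRSIZ);
    return nul ? (size_t)(nul - field) : DIRSIZ;
}

/* Store a name the way strncpy() does it: NUL padding when the name is
 * short, no terminator at all when it has DIRSIZ or more characters. */
void field_set(char field[DIRSIZ], const char *name)
{
    strncpy(field, name, DIRSIZ);
}

/* Turn a field back into a C string; dst must hold DIRSIZ + 1 bytes. */
void field_to_cstr(char dst[DIRSIZ + 1], const char field[DIRSIZ])
{
    size_t n = field_len(field);
    memcpy(dst, field, n);
    dst[n] = '\0';
}

/* Bounded copy into a C-string buffer that always terminates.
 * Returns 0 on success, -1 if src had to be truncated. */
int copy_cstr(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0) return -1;
    size_t n = strlen(src);
    int truncated = n >= dstsize;
    if (truncated) n = dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated ? -1 : 0;
}

int main(void)
{
    char field[DIRSIZ], out[DIRSIZ + 1];
    field_set(field, "exactly14chars");  /* constructed sample, 14 characters */
    field_to_cstr(out, field);           /* safe: never reads past the field */
    printf("%zu %s\n", field_len(field), out);
    return 0;
}
```

Passing `field` directly to strlen() or printf("%s") after the 14-character store would read past the array, which is the failure the answers describe.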