feat(lib): implement strnlen secure and strcpy secure function
Implement safer version of 'strnlen' function
to handle NULL terminated strings with additional
bound checking and secure version of string copy function
to support better security and avoid destination
buffer overflow.
Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9
Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
diff --git a/include/lib/libc/string.h b/include/lib/libc/string.h
index 8129404..bba9816 100644
--- a/include/lib/libc/string.h
+++ b/include/lib/libc/string.h
@@ -30,5 +30,7 @@
size_t strlcpy(char * dst, const char * src, size_t dsize);
size_t strlcat(char * dst, const char * src, size_t dsize);
char *strtok_r(char *s, const char *delim, char **last);
+size_t strnlen_secure(const char *str, size_t maxlen);
+int strcpy_secure(char *restrict dest, size_t dest_size, const char *restrict src);
#endif /* STRING_H */
diff --git a/lib/libc/libc_common.mk b/lib/libc/libc_common.mk
index 5f44bd5..3b83216 100644
--- a/lib/libc/libc_common.mk
+++ b/lib/libc/libc_common.mk
@@ -21,9 +21,11 @@
snprintf.c \
strchr.c \
strcmp.c \
+ strcpy_secure.c \
strlcat.c \
strlcpy.c \
strlen.c \
+ strnlen_secure.c \
strncmp.c \
strnlen.c \
strrchr.c \
diff --git a/lib/libc/strcpy_secure.c b/lib/libc/strcpy_secure.c
new file mode 100644
index 0000000..6f8de29
--- /dev/null
+++ b/lib/libc/strcpy_secure.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2024-2025, Altera Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <errno.h>
+#include <stddef.h>
+#include <string.h>
+#include <stdint.h>
+
+int strcpy_secure(char *restrict dest, size_t dest_size, const char *restrict src)
+{
+ /* Check for null pointers */
+ if ((dest == NULL) || (src == NULL)) {
+ return -EINVAL;
+ }
+
+ /* Check the destination size valid range */
+ if (dest_size == 0) {
+ return -ERANGE;
+ }
+
+ /* Calculate the length of the source string */
+ size_t src_len = strnlen_secure(src, dest_size);
+
+ /* Check if the source string fits in the destination buffer */
+ if (src_len >= dest_size) {
+ /* Set destination to an empty string */
+ dest[0] = '\0';
+ return -ERANGE;
+ }
+
+ /* Copy the source string to the destination */
+ for (dest[src_len] = '\0'; src_len > 0; src_len--) {
+ dest[src_len - 1] = src[src_len - 1];
+ }
+
+ return 0;
+}
diff --git a/lib/libc/strnlen_secure.c b/lib/libc/strnlen_secure.c
new file mode 100644
index 0000000..36b3571
--- /dev/null
+++ b/lib/libc/strnlen_secure.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2024-2025, Altera Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <string.h>
+
+size_t strnlen_secure(const char *str, size_t maxlen)
+{
+ size_t len = 0;
+
+ if (str == NULL) {
+ return 0;
+ }
+
+ while ((len < maxlen) && (str[len] != '\0')) {
+ len++;
+ }
+
+ return len;
+}