lib: strcopy() instead of strcpy() [PROPOSAL]

[bagder]

This function REQUIRES the size of the target buffer as well as the length of the source string. Meant to make it harder to do a bad strcpy().

Discussion item. A proposal. How do we make it better?

[vszakats]

Move to curlx perhaps? It'd allow using it from src (just 2 calls there) and tests (almost 20).

This raises a naming question: it could live as curlx_strcopy there, with an alias of strcopy for lib.
Or just be strcopy in curlx to avoid the complexity, for the price of a naming exception.

Either way, it'd be useful to support it outside lib. It'd allow dropping the clang-tidy
exception -clang-analyzer-security.insecureAPI.strcpy and a last-ish step towards
dropping _CRT_SECURE_NO_WARNINGS.

[bagder]

Move to curlx perhaps? It'd allow using it from src (just 2 calls there) and tests (almost 20).

Yes, agreed. I just paused at this point as I figured this shows the idea and concept to work a discussion starter.

[bagder]

augment review

[bagder]

Potentially we should make the function not touch the target buffer at all if the copy can't be done...

[augmentcode]

🤖 Augment PR Summary

Summary: Introduces a new internal helper curlx_strcopy() to replace many direct strcpy() uses with an API that requires the destination buffer size and the source length.

Changes:

• Adds lib/curlx/strcopy.[ch] and wires it into the lib/src/tests build makefiles
• Replaces multiple strcpy() call sites across libcurl, vtls, vquic, and the curl tool with curlx_strcopy()
• Adjusts a few helper APIs to pass explicit buffer sizes (e.g. progress time/data formatting helpers)
• Tweaks some size calculations around IPv6 formatting/parsing (curlx_inet_ntop / urlapi.c)

Technical Notes: curlx_strcopy() copies exactly slen bytes and NUL-terminates on success, otherwise it leaves an empty string (no truncation).

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 2 suggestions posted.

Comment augment review to trigger a new review at any time.

[Copilot]

Pull request overview

This PR proposes introducing curlx_strcopy() as a safer alternative to strcpy(). The new function requires both the destination buffer size and source string length as parameters, making buffer overflows harder to introduce.

Key changes:

• New curlx/strcopy.c and curlx/strcopy.h files implementing the safer string copy function
• Updates to build files (Makefile.inc) across lib/, src/, and test directories to include the new files
• Replacement of strcpy() calls with curlx_strcopy() across multiple source files, with callers now explicitly passing buffer sizes and string lengths

Reviewed changes

Copilot reviewed 31 out of 31 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
lib/curlx/strcopy.h	Header file defining the curlx_strcopy function signature
lib/curlx/strcopy.c	Implementation of safe string copy with size checking
lib/curlx/inet_ntop.c	Replaces strcpy with curlx_strcopy and removes explicit error handling
lib/curlx/strerr.c	Updates Winsock error handling to use curlx_strcopy
lib/curlx/winapi.c	Updates Windows API error handling to use curlx_strcopy
lib/curlx/curlx.h	Adds include for strcopy.h
lib/Makefile.inc	Adds strcopy.c and strcopy.h to build system
lib/ws.c	Updates WebSocket key generation to use curlx_strcopy
lib/vtls/wolfssl.c	Updates wolfSSL error string handling
lib/vtls/vtls.c	Updates multi-SSL version string handling
lib/vtls/openssl.c	Updates OpenSSL error string handling
lib/vquic/curl_osslq.c	Updates QUIC OpenSSL error string handling
lib/urlapi.c	Fixes buffer size in IPv6 parsing (hlen + 1)
lib/tftp.c	Refactors tftp_option_add to use index-based addressing
lib/strerror.c	Updates SSPI error handling to use curlx_strcopy
lib/strdup.h	Removes trailing blank line
lib/smb.c	Updates SMB protocol path handling
lib/progress.c	Updates progress meter formatting functions with buffer size parameters
lib/mime.c	Updates quoted-printable encoding soft line break handling
lib/imap.c	Updates IMAP response tag initialization
lib/hsts.c	Updates HSTS expiry string handling
lib/hostip.c	Updates localhost canonical name handling
lib/curl_trc.c	Updates error buffer handling
lib/curl_gssapi.c	Updates GSSAPI credential handling
lib/curl_gethostname.c	Updates hostname handling with environment override
lib/content_encoding.c	Updates content encoding string building
src/tool_progress.c	Updates progress display time and data formatting with buffer sizes
src/tool_main.c	Updates memory debug filename handling
src/Makefile.inc	Adds strcopy files to build system
tests/server/Makefile.inc	Adds strcopy.c to test server build
tests/libtest/Makefile.inc	Adds strcopy.c to libtest build

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 30 out of 30 changed files in this pull request and generated 10 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.