feat(lib): implement strnlen secure and strcpy secure function

Implement safer version of 'strnlen' function to handle NULL terminated strings with additional bound checking and secure version of string copy function to support better security and avoid destination buffer overflow. Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9 Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com> Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
2025-04-11 07:04:22 +00:00 · 2025-03-17 16:25:53 +08:00 · 2025-03-17 16:25:53 +08:00 · eb088894dc
commit eb088894dc
parent 5a16264208
4 changed files with 66 additions and 0 deletions
--- a/include/lib/libc/string.h
+++ b/include/lib/libc/string.h
@ -30,5 +30,7 @@ char *strrchr(const char *p, int ch);
 size_t strlcpy(char * dst, const char * src, size_t dsize);
 size_t strlcat(char * dst, const char * src, size_t dsize);
 char *strtok_r(char *s, const char *delim, char **last);
+size_t strnlen_secure(const char *str, size_t maxlen);
+int strcpy_secure(char *restrict dest, size_t dest_size, const char *restrict src);

 #endif /* STRING_H */
--- a/lib/libc/libc_common.mk
+++ b/lib/libc/libc_common.mk
@ -21,9 +21,11 @@ LIBC_SRCS	:=	$(addprefix lib/libc/,		\
 			snprintf.c			\
 			strchr.c			\
 			strcmp.c			\
+			strcpy_secure.c		\
 			strlcat.c			\
 			strlcpy.c			\
 			strlen.c			\
+			strnlen_secure.c	\
 			strncmp.c			\
 			strnlen.c			\
 			strrchr.c			\
--- a/lib/libc/strcpy_secure.c
+++ b/lib/libc/strcpy_secure.c
@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2024-2025, Altera Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <errno.h>
+#include <stddef.h>
+#include <string.h>
+#include <stdint.h>
+
+int strcpy_secure(char *restrict dest, size_t dest_size, const char *restrict src)
+{
+	/* Check for null pointers */
+	if ((dest == NULL) || (src == NULL)) {
+		return -EINVAL;
+	}
+
+	/* Check the destination size valid range */
+	if (dest_size == 0) {
+		return -ERANGE;
+	}
+
+	/* Calculate the length of the source string */
+	size_t src_len = strnlen_secure(src, dest_size);
+
+	/* Check if the source string fits in the destination buffer */
+	if (src_len >= dest_size) {
+		/* Set destination to an empty string */
+		dest[0] = '\0';
+		return -ERANGE;
+	}
+
+	/* Copy the source string to the destination */
+	for (dest[src_len] = '\0'; src_len > 0; src_len--) {
+		dest[src_len - 1] = src[src_len - 1];
+	}
+
+	return 0;
+}
--- a/lib/libc/strnlen_secure.c
+++ b/lib/libc/strnlen_secure.c
@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2024-2025, Altera Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <string.h>
+
+size_t strnlen_secure(const char *str, size_t maxlen)
+{
+	size_t len = 0;
+
+	if (str == NULL) {
+		return 0;
+	}
+
+	while ((len < maxlen) && (str[len] != '\0')) {
+		len++;
+	}
+
+	return len;
+}