Index: head/lib/libc/string/memcpy.3
===================================================================
--- head/lib/libc/string/memcpy.3	(revision 325764)
+++ head/lib/libc/string/memcpy.3	(revision 325765)
@@ -1,88 +1,93 @@
 .\" Copyright (c) 1990, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" Chris Torek and the American National Standards Committee X3,
 .\" on Information Processing Systems.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\" 3. Neither the name of the University nor the names of its contributors
 .\"    may be used to endorse or promote products derived from this software
 .\"    without specific prior written permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)memcpy.3	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
 .Dd June 4, 1993
 .Dt MEMCPY 3
 .Os
 .Sh NAME
 .Nm memcpy
 .Nd copy byte string
 .Sh LIBRARY
 .Lb libc
 .Sh SYNOPSIS
 .In string.h
 .Ft void *
 .Fn memcpy "void *dst" "const void *src" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn memcpy
 function
 copies
 .Fa len
 bytes from string
 .Fa src
 to string
 .Fa dst .
+If
+.Fa src
+and
+.Fa dst
+overlap, the results are not defined.
 .Sh RETURN VALUES
 The
 .Fn memcpy
 function
 returns the original value of
 .Fa dst .
 .Sh SEE ALSO
 .Xr bcopy 3 ,
 .Xr memccpy 3 ,
 .Xr memmove 3 ,
 .Xr strcpy 3 ,
 .Xr wmemcpy 3
 .Sh STANDARDS
 The
 .Fn memcpy
 function
 conforms to
 .St -isoC .
 .Sh BUGS
 In this implementation
 .Fn memcpy
 is implemented using
 .Xr bcopy 3 ,
 and therefore the strings may overlap.
 On other systems, copying overlapping strings may produce surprises.
 Programs intended to be portable should use
 .Xr memmove 3
 when
 .Fa src
 and
 .Fa dst
 may overlap.
Index: head/lib/libc/string/strcat.3
===================================================================
--- head/lib/libc/string/strcat.3	(revision 325764)
+++ head/lib/libc/string/strcat.3	(revision 325765)
@@ -1,155 +1,165 @@
 .\" Copyright (c) 1990, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" Chris Torek and the American National Standards Committee X3,
 .\" on Information Processing Systems.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\" 3. Neither the name of the University nor the names of its contributors
 .\"    may be used to endorse or promote products derived from this software
 .\"    without specific prior written permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)strcat.3	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
 .Dd December 1, 2009
 .Dt STRCAT 3
 .Os
 .Sh NAME
 .Nm strcat ,
 .Nm strncat
 .Nd concatenate strings
 .Sh LIBRARY
 .Lb libc
 .Sh SYNOPSIS
 .In string.h
 .Ft char *
 .Fn strcat "char * restrict s" "const char * restrict append"
 .Ft char *
 .Fn strncat "char * restrict s" "const char * restrict append" "size_t count"
 .Sh DESCRIPTION
 The
 .Fn strcat
 and
 .Fn strncat
 functions
 append a copy of the null-terminated string
 .Fa append
 to the end of the null-terminated string
 .Fa s ,
 then add a terminating
 .Ql \e0 .
 The string
 .Fa s
 must have sufficient space to hold the result.
+If
+.Fa s
+and
+.Fa append
+overlap, the results are undefined.
 .Pp
 The
 .Fn strncat
 function
 appends not more than
 .Fa count
 characters from
 .Fa append ,
 and then adds a terminating
 .Ql \e0 .
+If
+.Fa s
+and
+.Fa append
+overlap, the results are undefined.
 .Sh RETURN VALUES
 The
 .Fn strcat
 and
 .Fn strncat
 functions
 return the pointer
 .Fa s .
 .Sh SEE ALSO
 .Xr bcopy 3 ,
 .Xr memccpy 3 ,
 .Xr memcpy 3 ,
 .Xr memmove 3 ,
 .Xr strcpy 3 ,
 .Xr strlcat 3 ,
 .Xr strlcpy 3 ,
 .Xr wcscat 3
 .Sh STANDARDS
 The
 .Fn strcat
 and
 .Fn strncat
 functions
 conform to
 .St -isoC .
 .Sh SECURITY CONSIDERATIONS
 The
 .Fn strcat
 function is easily misused in a manner
 which enables malicious users to arbitrarily change
 a running program's functionality through a buffer overflow attack.
 .Pp
 Avoid using
 .Fn strcat .
 Instead, use
 .Fn strncat
 or
 .Fn strlcat
 and ensure that no more characters are copied to the destination buffer
 than it can hold.
 .Pp
 Note that
 .Fn strncat
 can also be problematic.
 It may be a security concern for a string to be truncated at all.
 Since the truncated string will not be as long as the original,
 it may refer to a completely different resource
 and usage of the truncated resource
 could result in very incorrect behavior.
 Example:
 .Bd -literal
 void
 foo(const char *arbitrary_string)
 {
 	char onstack[8];
 
 #if defined(BAD)
 	/*
 	 * This first strcat is bad behavior.  Do not use strcat!
 	 */
 	(void)strcat(onstack, arbitrary_string);	/* BAD! */
 #elif defined(BETTER)
 	/*
 	 * The following two lines demonstrate better use of
 	 * strncat().
 	 */
 	(void)strncat(onstack, arbitrary_string,
 	    sizeof(onstack) - strlen(onstack) - 1);
 #elif defined(BEST)
 	/*
 	 * These lines are even more robust due to testing for
 	 * truncation.
 	 */
 	if (strlen(arbitrary_string) + 1 >
 	    sizeof(onstack) - strlen(onstack))
 		err(1, "onstack would be truncated");
 	(void)strncat(onstack, arbitrary_string,
 	    sizeof(onstack) - strlen(onstack) - 1);
 #endif
 }
 .Ed
Index: head/lib/libc/string/strcpy.3
===================================================================
--- head/lib/libc/string/strcpy.3	(revision 325764)
+++ head/lib/libc/string/strcpy.3	(revision 325765)
@@ -1,212 +1,222 @@
 .\" Copyright (c) 1990, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
 .\"
 .\" This code is derived from software contributed to Berkeley by
 .\" Chris Torek and the American National Standards Committee X3,
 .\" on Information Processing Systems.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\" 3. Neither the name of the University nor the names of its contributors
 .\"    may be used to endorse or promote products derived from this software
 .\"    without specific prior written permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)strcpy.3	8.1 (Berkeley) 6/4/93
 .\" $FreeBSD$
 .\"
 .Dd February 28, 2009
 .Dt STRCPY 3
 .Os
 .Sh NAME
 .Nm stpcpy, stpncpy, strcpy , strncpy
 .Nd copy strings
 .Sh LIBRARY
 .Lb libc
 .Sh SYNOPSIS
 .In string.h
 .Ft char *
 .Fn stpcpy "char * restrict dst" "const char * restrict src"
 .Ft char *
 .Fn stpncpy "char * restrict dst" "const char * restrict src" "size_t len"
 .Ft char *
 .Fn strcpy "char * restrict dst" "const char * restrict src"
 .Ft char *
 .Fn strncpy "char * restrict dst" "const char * restrict src" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn stpcpy
 and
 .Fn strcpy
 functions
 copy the string
 .Fa src
 to
 .Fa dst
 (including the terminating
 .Ql \e0
 character.)
+If
+.Fa src
+and
+.Fa dst
+overlap, the results are undefined.
 .Pp
 The
 .Fn stpncpy
 and
 .Fn strncpy
 functions copy at most
 .Fa len
 characters from
 .Fa src
 into
 .Fa dst .
 If
 .Fa src
 is less than
 .Fa len
 characters long,
 the remainder of
 .Fa dst
 is filled with
 .Ql \e0
 characters.
 Otherwise,
 .Fa dst
 is
 .Em not
 terminated.
+If
+.Fa src
+and
+.Fa dst
+overlap, the results are undefined.
 .Sh RETURN VALUES
 The
 .Fn strcpy
 and
 .Fn strncpy
 functions
 return
 .Fa dst .
 The
 .Fn stpcpy
 and
 .Fn stpncpy
 functions return a pointer to the terminating
 .Ql \e0
 character of
 .Fa dst .
 If
 .Fn stpncpy
 does not terminate
 .Fa dst
 with a
 .Dv NUL
 character, it instead returns a pointer to
 .Li dst[n]
 (which does not necessarily refer to a valid memory location.)
 .Sh EXAMPLES
 The following sets
 .Va chararray
 to
 .Dq Li abc\e0\e0\e0 :
 .Bd -literal -offset indent
 char chararray[6];
 
 (void)strncpy(chararray, "abc", sizeof(chararray));
 .Ed
 .Pp
 The following sets
 .Va chararray
 to
 .Dq Li abcdef :
 .Bd -literal -offset indent
 char chararray[6];
 
 (void)strncpy(chararray, "abcdefgh", sizeof(chararray));
 .Ed
 .Pp
 Note that it does
 .Em not
 .Tn NUL
 terminate
 .Va chararray
 because the length of the source string is greater than or equal
 to the length argument.
 .Pp
 The following copies as many characters from
 .Va input
 to
 .Va buf
 as will fit and
 .Tn NUL
 terminates the result.
 Because
 .Fn strncpy
 does
 .Em not
 guarantee to
 .Tn NUL
 terminate the string itself, this must be done explicitly.
 .Bd -literal -offset indent
 char buf[1024];
 
 (void)strncpy(buf, input, sizeof(buf) - 1);
 buf[sizeof(buf) - 1] = '\e0';
 .Ed
 .Pp
 This could be better achieved using
 .Xr strlcpy 3 ,
 as shown in the following example:
 .Pp
 .Dl "(void)strlcpy(buf, input, sizeof(buf));"
 .Pp
 Note that because
 .Xr strlcpy 3
 is not defined in any standards, it should
 only be used when portability is not a concern.
 .Sh SEE ALSO
 .Xr bcopy 3 ,
 .Xr memccpy 3 ,
 .Xr memcpy 3 ,
 .Xr memmove 3 ,
 .Xr strlcpy 3 ,
 .Xr wcscpy 3
 .Sh STANDARDS
 The
 .Fn strcpy
 and
 .Fn strncpy
 functions
 conform to
 .St -isoC .
 The
 .Fn stpcpy
 and
 .Fn stpncpy
 functions conform to
 .St -p1003.1-2008 .
 .Sh HISTORY
 The
 .Fn stpcpy
 function first appeared in
 .Fx 4.4 ,
 and
 .Fn stpncpy
 was added in
 .Fx 8.0 .
 .Sh SECURITY CONSIDERATIONS
 The
 .Fn strcpy
 function is easily misused in a manner which enables malicious users
 to arbitrarily change a running program's functionality through a
 buffer overflow attack.