Diffstat (limited to 'libtac')
| -rw-r--r-- | libtac/include/libtac.h | 1 | ||||
| -rw-r--r-- | libtac/lib/xalloc.c | 25 | ||||
| -rw-r--r-- | libtac/lib/xalloc.h | 2 |
3 files changed, 26 insertions, 2 deletions
diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h
index 7b7518f..aad4cbf 100644
--- a/libtac/include/libtac.h
+++ b/libtac/include/libtac.h
@@ -144,6 +144,7 @@ int tac_acct_send(int, int, const char *, char *, char *,
 int tac_acct_read(int, struct areply *);
 void *xcalloc(size_t, size_t);
 void *xrealloc(void *, size_t);
+char *xstrcpy(char *, const char *, size_t);
 char *_tac_check_header(HDR *, int);
 int tac_author_send(int, const char *, char *, char *, struct tac_attrib *);
diff --git a/libtac/lib/xalloc.c b/libtac/lib/xalloc.c
index d749b52..8fcce26 100644
--- a/libtac/lib/xalloc.c
+++ b/libtac/lib/xalloc.c
@@ -41,7 +41,7 @@ void *xrealloc(void *ptr, size_t size) {
 return val;
 }
-char *xstrdup(char *s) {
+char *xstrdup(const char *s) {
 char *p;
 if (s == NULL) return NULL;
@@ -51,3 +51,26 @@ char *xstrdup(char *s) {
 }
 return p;
 }
+
+
+/*
+ safe string copy that aborts when destination buffer is too small
+*/
+char *xstrcpy(char *dst, const char *src, size_t dst_size) {
+ if (dst == NULL) {
+ TACSYSLOG((LOG_ERR, "xstrcpy(): dst == NULL"));
+ }
+ if (src == NULL) {
+ TACSYSLOG((LOG_ERR, "xstrcpy(): src == NULL"));
+ }
+ if (!dst_size)
+ return NULL;
+
+ if (strlen(src) >= dst_size) {
+ TACSYSLOG((LOG_ERR, "xstrcpy(): argument too long, aborting"));
+ abort();
+ }
+
+ return strcpy(dst, src);
+}
+
diff --git a/libtac/lib/xalloc.h b/libtac/lib/xalloc.h
index 70bc666..196cc9f 100644
--- a/libtac/lib/xalloc.h
+++ b/libtac/lib/xalloc.h
@@ -27,7 +27,7 @@ __BEGIN_DECLS
 extern void *xcalloc(size_t nmemb, size_t size);
 extern void *xrealloc(void *ptr, size_t size);
-extern char *xstrdup(char *s);
+extern char *xstrdup(const char *s);
 __END_DECLS
 #endif |
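Review bot: In the new `xstrcpy()` added to libtac/lib/xalloc.c, the two NULL checks only log and then fall through, so a NULL `src` still reaches `strlen(src)` and a NULL `dst` still reaches `strcpy(dst, src)`. Both are undefined behaviour rather than the controlled abort the header comment promises; add `abort();` after each of the two `TACSYSLOG` calls in those branches. The `if (!dst_size) return NULL;` path is also a silent failure that leaves `dst` unwritten, so a caller that ignores the return value goes on to read a buffer that was never terminated. Dropping that early return lets the existing `strlen(src) >= dst_size` check abort for a zero-sized destination too, which matches the comment.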
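Review bot: The libtac/lib/xalloc.h hunk updates the `xstrdup` prototype but adds no declaration for the new `xstrcpy`, which this commit declares only in libtac.h, whereas `xcalloc` and `xrealloc` appear in both headers. Whether xalloc.h pulls in libtac.h is not visible here, so a file that includes only xalloc.h may end up calling `xstrcpy` without a prototype. Adding `extern char *xstrcpy(char *dst, const char *src, size_t dst_size);` next to the `xstrdup` line keeps the header in step with xalloc.c. A short comment there stating that the function aborts on overflow, and that `dst_size` is the full size of the destination including the terminator, would make the contract clear to callers.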
