Question

I have an old project that is mixed C and C++. It makes extensive use of C strings and of strcpy, strcat, strncpy, strncat, etc. I've uncovered a number of buffer overflows, and I'd like to use more secure functions, such as strcpy_s. MSVC includes those functions, but I need something that will work on various platforms - Linux, OS X, and Windows at the least.

I do know of strlcpy, but as plenty of people have noted (example), it really isn't an improvement.


So: Are there any free implementations of strcpy_s, strcat_s, etc, or of the entire TR24731-1?

I need something that's either public domain or BSD, but if you know of implementations under other licenses, go ahead and list them - I'm sure someone else will benefit.


Solution

Try with the Safe C library. It's under the MIT license and according to this list implements the functions you're looking for:

The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming

Other tips

You can use memcpy and memset etc, which are portable and safer than string functions.

Why not use strncpy and strncat? Contrary to strlcpy and strlcat, they are standard C functions. These functions are not perfect but you can use them safely.

And also note that the bounds-checking _s functions are optional in the current Standard.
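As an added example (not from the original posts; the helper names `copy_bounded` and `cat_bounded` are hypothetical), here is one way to wrap strncpy and strncat so that their two usual pitfalls are handled: strncpy leaves the destination unterminated when the source does not fit, and strncat's count is the number of characters to append, not the buffer size. These are truncating helpers that report truncation, not an implementation of the TR24731-1 `_s` functions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers: not part of the C standard or the Safe C Library. */

/* Copy src into dst (capacity dstsz bytes). Always NUL-terminates when
 * dstsz > 0. Returns 0 on success, -1 on bad arguments or truncation. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    /* strncpy does not terminate dst when strlen(src) >= n, so copy at
     * most dstsz - 1 bytes and write the terminator explicitly. */
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) < dstsz ? 0 : -1;
}

/* Append src to the string in dst (capacity dstsz bytes).
 * Returns 0 on success, -1 on bad arguments or truncation. */
int cat_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t room;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    /* Locate the current terminator without reading past the buffer. */
    end = memchr(dst, '\0', dstsz);
    if (end == NULL)
        return -1;              /* dst is not a terminated string */
    /* strncat appends up to n characters and then a terminator, so n
     * must be the free space minus one, not the total buffer size. */
    room = dstsz - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

int main(void)
{
    char buf[8];                /* constructed sample buffer */
    int rc = copy_bounded(buf, sizeof buf, "0123456789");
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Callers must check the return value: a silently truncated path or command string can be a bug in its own right even though no overflow occurred.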

License: CC-BY-SA with attribution
Not affiliated with StackOverflow