C++: Add models for strlcpy and strlcat

Author: jketema

cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll

@@ -25,7 +25,8 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
         "_mbsncat", // _mbsncat(dst, src, max_amount)
         "_mbsncat_l", // _mbsncat_l(dst, src, max_amount, locale)
         "_mbsnbcat", // _mbsnbcat(dest, src, count)
-        "_mbsnbcat_l" // _mbsnbcat_l(dest, src, count, locale)
+        "_mbsnbcat_l", // _mbsnbcat_l(dest, src, count, locale)
+        "strlcat" // strncat(dst, src, dst_size)
       ])
   }
 
@@ -51,7 +52,7 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
 
   override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
     (
-      this.getName() = ["strncat", "wcsncat", "_mbsncat", "_mbsncat_l"] and
+      this.getName() = ["strncat", "strlcat", "wcsncat", "_mbsncat", "_mbsncat_l"] and
       input.isParameter(2)
       or
       this.getName() = ["_mbsncat_l", "_mbsnbcat_l"] and

cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll

@@ -32,7 +32,8 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
         "wcsxfrm_l", // _strxfrm_l(dest, src, max_amount, locale)
         "_mbsnbcpy", // _mbsnbcpy(dest, src, max_amount)
         "stpcpy", // stpcpy(dest, src)
-        "stpncpy" // stpcpy(dest, src, max_amount)
+        "stpncpy", // stpcpy(dest, src, max_amount)
+        "strlcpy" // strlcpy(dst, src, dst_size)
       ])
     or
     (
@@ -60,7 +61,7 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
     if this.isSVariant()
     then result = 1
     else (
-      this.getName().matches(["%ncpy%", "%nbcpy%", "%xfrm%"]) and
+      this.getName().matches(["%ncpy%", "%nbcpy%", "%xfrm%", "%lcpy%"]) and
       result = 2
     )
   }