are there are equivalent secure string functions in Mac OSX and Linux just like the ones in Windows (strcpy_s,strncpy_s..etc) ?

What about functions that convert between multi-byte and wide characters?

There are two strategies for safe string manipulation. The Linux / glibc maintainers refuse to add safe functions, arguing that you should keep the length of your strings at hand and use memcpy.

On the other hand, Mac OSX includes strlcpy and strlcat from BSD. snprintf and asprintf can be used on both platforms to much the same effect:

size_t strlcpy(char *d, char const *s, size_t n)
{
    return snprintf(d, n, "%s", s);
}

size_t strlcat(char *d, char const *s, size_t n)
{
    return snprintf(d, n, "%s%s", d, s);
}

You could also consider using the BSD implementation found here. If your code will be compiled on multiple platforms, you can test for the presence of glibc using pre-defined library macros:

#if defined __GNU_LIBRARY__ || defined __GLIBC__

    size_t strlcpy(char *, char const *, size_t);
    size_t strlcat(char *, char const *, size_t);

#endif 

Conversion between character encodings is most easily handled using the iconv interface.

OSX has strlcpy and strlcat. Linux doesn't currently have them, to my knowledge, but it's easy enough to bring those functions in from, say, OpenBSD.

You can use gcc's -D_FORTIFY_SOURCE=2 option, for Linux you can go more advanced, for that you should read Secure Programming with gcc & glibc .

If you have to use char buffers (NTBS=Nul terminated byte strings) there are no instrinsically safe string functions. Not even strlen() is safe.

Rather, there are intrinsically unsafe string functions such as gets() and most uses of sprintf(). These are unsafe because you cannot reliably predict the buffer size you need.

The other class of string functions can be used safely provided you keep track of the maximum buffer sizes used and required correctly.

One way to help doing this in C++ is to use a nice class like StringPiece in Google's RE2 package, which is a pointer and length, where the pointer points into an NTBS. By storing the correct length into the StringPiece once, the class can then track the length of various operations. You can write such a class yourself. Doing this will not make your code correct but it will isolate the critical spots (namely, getting the arguments to the constructor right).

In this case, encapsulation is your friend.

The standard C functions to convert between multibyte and wide characters are available: mbtowc(), mbstowcs(), wctomb(), wcstombs() and so on.