diff --git a/include/proto/sample.h b/include/proto/sample.h
index 268e7a0d2..9b5d02616 100644
--- a/include/proto/sample.h
+++ b/include/proto/sample.h
@@ -74,4 +74,48 @@ struct sample *smp_set_owner(struct sample *smp, struct proxy *px,
 	return smp;
 }
 
+
+/* Returns 1 if a sample may be safely used. It performs a few checks on the
+ * string length versus size, same for the binary version, and ensures that
+ * strings are properly terminated by a zero. If this last point is not granted
+ * but the string is not const, then the \0 is appended. Otherwise it returns 0,
+ * meaning the caller may need to call smp_dup() before going further.
+ */
+static inline
+int smp_is_safe(struct sample *smp)
+{
+	switch (smp->data.type) {
+	case SMP_T_STR:
+		if ((smp->data.u.str.len < 0) ||
+		    (smp->data.u.str.size && smp->data.u.str.len >= smp->data.u.str.size))
+			return 0;
+
+		if (smp->data.u.str.str[smp->data.u.str.len] == 0)
+			return 1;
+
+		if (!smp->data.u.str.size || (smp->flags & SMP_F_CONST))
+			return 0;
+
+		smp->data.u.str.str[smp->data.u.str.len] = 0;
+		return 1;
+
+	case SMP_T_BIN:
+		return (smp->data.u.str.len >= 0) &&
+		       (!smp->data.u.str.size || smp->data.u.str.len <= smp->data.u.str.size);
+
+	default:
+		return 1;
+	}
+}
+
+/* checks that a sample may freely be used, or duplicates it to normalize it.
+ * Returns 1 on success, 0 if the sample must not be used. The function also
+ * checks for NULL to simplify the calling code.
+ */
+static inline
+int smp_make_safe(struct sample *smp)
+{
+	return smp && (smp_is_safe(smp) || smp_dup(smp));
+}
+
 #endif /* _PROTO_SAMPLE_H */