Alternative functions that limit the number of bytes copied are often recommended to mitigate buffer overflow vulnerabilities, for example:
- strncpy() instead of strcpy()
- fgets() instead of gets()
- snprintf() instead of sprintf()
These functions truncate strings that exceed the specified limits. Additionally, some functions, such as strncpy(), do not guarantee that the resulting string is null-terminated.
Truncation results in a loss of data and, in some cases, leads to software vulnerabilities.
Non-Compliant Code Example
...
The correct solution depends on the original intent. If the intent was to truncate a string but ensure that the result is a null-terminated string, the following solution can be used.
...
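The two behaviours described above, shown side by side as an added example that is not the code from the original page: strncpy() fills its full byte count and writes no terminator once the source is at least as long as the limit, so a later string read overruns the buffer; copying one byte less and writing the terminator explicitly (or using snprintf(), which always terminates when the size is nonzero) keeps the truncated result a valid string. The buffer size and the input string are constructed for the example.

```c
/* Added example (not from the CERT page): why strncpy() alone does not
 * guarantee null termination, and two ways to truncate while keeping a
 * null-terminated string. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 8  /* constructed buffer size for the example */

/* Non-compliant pattern: strncpy() copies exactly BUF_SIZE bytes and adds
 * no terminator when strlen(src) >= BUF_SIZE. Returns 1 if the buffer
 * ended up without any null byte inside it, 0 otherwise. */
int copy_noncompliant(char dst[BUF_SIZE], const char *src) {
    strncpy(dst, src, BUF_SIZE);
    return memchr(dst, '\0', BUF_SIZE) == NULL;
}

/* Compliant: intent is to truncate but keep a null-terminated string.
 * Copy at most BUF_SIZE-1 bytes and write the terminator explicitly. */
void copy_truncating(char dst[BUF_SIZE], const char *src) {
    strncpy(dst, src, BUF_SIZE - 1);
    dst[BUF_SIZE - 1] = '\0';
}

/* Alternative compliant form: snprintf() always terminates when the size
 * is greater than zero and returns the length the untruncated result would
 * have had. Returns 1 if truncation occurred, 0 otherwise. */
int copy_snprintf(char dst[BUF_SIZE], const char *src) {
    int needed = snprintf(dst, BUF_SIZE, "%s", src);
    return needed >= BUF_SIZE;
}

int main(void) {
    char buf[BUF_SIZE];
    /* constructed input: 10 characters, longer than the 8-byte buffer */
    const char *input = "0123456789";

    if (copy_noncompliant(buf, input))
        puts("strncpy left no terminator: reading buf as a string overruns it");

    copy_truncating(buf, input);
    printf("explicit terminator: \"%s\" (%zu chars)\n", buf, strlen(buf));

    if (copy_snprintf(buf, input))
        printf("snprintf truncated to \"%s\"\n", buf);
    return 0;
}
```

The check in copy_noncompliant() is only there to make the missing terminator observable; in real code the first strlen() or printf("%s") on such a buffer is the overrun the rule warns about.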
An exception to this rule applies if the intent of the programmer was to convert a null-terminated byte string to a character array. To be compliant with this standard, this intent must be stated clearly in comments.
Priority: P12 Level: L1
Failure to properly null-terminate null-terminated byte strings can result in buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process by an attacker.
| Component | Value |
|---|---|
| Severity | 3 (medium) |
| Likelihood | 2 (probable) |
| Remediation cost | 2 (medium) |
References
- ISO/IEC 9899-1999 Section 7.1.1 Definitions of terms, Section 7.21 String handling <string.h>, Section 7.21.2.4 The strncpy function, Section 7.21.3.2 The strncat function
- ISO/IEC TR 24731-2006 Section 6.7.1.3 The strcpy_s function
- Seacord 05 Chapter 2 Strings
- SAMATE Reference Dataset Test Case ID 000-000-004