Alternative functions that limit the number of bytes copied are often recommended to mitigate buffer overflow vulnerabilities, for . For example:
strncpy()instead ofstrcpy()strncat()instead ofstrcat()fgets()instead ofgets()snprintf()instead ofsprintf()
| Wiki Markup |
|---|
These functionfunctions truncate strings that exceed the specified limits. Additionally, some functions such as {{strncpy()}} do not guarantee that the resulting string is null-terminated \[[STR33-C|STR33-C. Guarantee that all strings are null-terminated]\]. |
Truncation results in a loss of data and, and in some cases, leads to software vulnerabilities.
Non-Compliant Code Example
The standard function functions strncpy() and strncat() copy a specified number n characters from a source string to a destination array. If there is no null character in the first n characters of the source array, the result is will not be null-terminated and any remaining charactes are truncated.
| Code Block |
|---|
char *string_data; char a[16]; ... strncpy(a, string_data, sizeof(a)); |
...
| Wiki Markup |
|---|
The {{strcpy_s()}} function provides additional safeguards, including accepting the size of the destination buffer as an additional argument \[[STR00-A|STR00-A. Use TR 24731 for remediation of existing string manipulation code]\]. |
...
An exception to this rule applies if the intent of the programmer was to intentionally truncate the null-terminated byte string. To be compliant with this standard, this intent must be made clear statement clearly stated in comments.
Priority: P2 Level: L3
Truncating strings can lead to a loss of data and exploitable vulnerabilities , in some cases, exploitable vulnerabilities.
Component | Value |
|---|---|
Severity | 1 (low) |
Likelihood | 1 (unlikely) |
Remediation cost | 2 (medium) |
...