Copying data in to a buffer that is not large enough to hold that data results in a buffer overflow. While not limited to Null Terminated Byte Strings (NTBS), this type of error often occurs when manipulating NTBS data. To prevent such errors, limit copies either through truncation (although consult STR03-A. Do not inadvertently truncate a null terminated byte string for problems that may cause) or, preferably, ensure that the destination is of sufficient size to hold the data to be copied. Remember to allocate sufficient space to store the string contents as well as the null-termination character.
| Include Page |
|---|
| c:STR32 STR31 NCCE 1 |
|---|
| c:STR32 STR31 NCCE 1 |
|---|
|
| Include Page |
|---|
| c:STR32 STR31 CS 1 |
|---|
| c:STR32 STR31 CS 1 |
|---|
|
| Include Page |
|---|
| c:STR32 STR31 CS 1 strcpy_s |
|---|
| c:STR32 STR31 CS 1 strcpy_s |
|---|
|
| Include Page |
|---|
| c:STR32 STR31 NCCE 2 getenv |
|---|
| c:STR32 STR31 NCCE 2 getenv |
|---|
|
| Include Page |
|---|
| c:STR32 STR31 CS 2 getenv |
|---|
| c:STR32 STR31 CS 2 getenv |
|---|
|
| Include Page |
|---|
| c:STR31 NCCE memcpy() |
|---|
| c:STR31 NCCE memcpy() |
|---|
|
| Include Page |
|---|
| c:STR31 CS memcpy() |
|---|
| c:STR31 CS memcpy() |
|---|
|
Risk Assessment
Copying data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can use this to execute arbitrary code.
...
