...
strncpy()instead ofstrcpy()strncat()instead ofstrcat()fgets()instead ofgets()snprintf()instead ofsprintf()
Wiki Markup strncpy()}} do not guarantee that the resulting string is null terminated \[[STR32-C. Null-terminate byte strings as required]\].
Unintentional truncation results in a loss of data and, in some cases, leads to software vulnerabilities.
...
The standard functions strncpy() and strncat() copy a specified number of characters n characters from a source string to a destination array. If there is no null character in the first n characters of the source array, the result will not be null terminated and any remaining characters are truncated.
...
It is assumed that string_data is null terminated. , that is, a null byte can be found within the bounds of the referenced character array. Otherwise, strlen() will stray into other objects before finding a null byte.
...
| Wiki Markup |
|---|
The {{strcpy_s()}} function defined in \[[ISO/IEC TR 24731-1-2007|AA. C References#ISO/IEC TR 24731-1-2007]\] provides additional safeguards, including accepting the size of the destination buffer as an additional argument \[[STR07-A. Use TR 24731 for remediation of existing string manipulation code]\]. Also, {{strnlen_s()}} accepts a maximum-length argument for strings that may not be null terminated. |
| Code Block | ||
|---|---|---|
| ||
char *string_data;
char a[16];
if (string_data == NULL) {
/* Handle null pointer error */
}
else if (strnlen_s(string_data, sizeof(a)) >= sizeof(a)) {
/* Handle overlong string error */
}
else {
strcpy_s(a, sizeof(a), string_data);
}
|
If a runtime constraint error is detected by either the call to strnlen_s() or strcpy_s(), the currently registered runtime-constraint handler is invoked. See ERR03-A. Use runtime-constraint handlers when calling functions defined by TR24731-1 for more information on using runtime-constraint handlers with TR 24731-1 functions.
Exceptions
STR03-EX1: The intent of the programmer is to intentionally truncate the null-terminated byte string.
...