...
A good example is the null-terminated byte string type in C. If a string lacks the terminating null character, the program may be tricked into accessing storage after the string as legitimate data. A program may, as a result, process a string it should not process, which might be a security flaw in itself. It may also cause the program to abort, which might be a denial-of-service attack.
The emphasis of this recommendation is to avoid producing unterminated strings; it does not address processing of already existing unterminated strings. However, by preventing the creation of unterminated strings, the need to process them is greatly lessened.
...
Compliant Solution (strncpy_s(), C11 Annex K)
The C11 Annex K strncpy_s() function copies up to n characters from the source array to a destination array [ISO/IEC 9899:2011]. If no null character was copied from the source array, the nth position in the destination array is set to a null character, guaranteeing that the resulting string is null-terminated.
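An added example (not from the CERT page) contrasting strncpy(), which can leave a full buffer unterminated, with the termination guarantee described above. Because Annex K is optional and absent from many C libraries, `copy_terminated()` is a hypothetical stand-in that models that guarantee, not strncpy_s() itself; `is_terminated()`, `BUF_SIZE` and the other names are likewise assumptions.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 5  /* constructed size for the demonstration */

/* Hypothetical stand-in for the guarantee described above (not Annex K's
 * strncpy_s itself): copy at most n characters of src into dest[destsz]
 * and always terminate. Returns 0 on success; if the characters plus the
 * terminator do not fit, dest becomes "" and -1 is returned. */
int copy_terminated(char *dest, size_t destsz, const char *src, size_t n) {
    size_t len = 0;
    if (dest == NULL || destsz == 0) return -1;
    if (src == NULL) { dest[0] = '\0'; return -1; }
    while (len < n && src[len] != '\0') len++;   /* bounded length scan */
    if (len >= destsz) { dest[0] = '\0'; return -1; }
    memcpy(dest, src, len);
    dest[len] = '\0';                            /* terminator always written */
    return 0;
}

/* 1 if a null character occurs within buf[0..size), else 0. */
int is_terminated(const char *buf, size_t size) {
    return memchr(buf, '\0', size) != NULL;
}

/* strncpy() writes no terminator when src has >= BUF_SIZE characters. */
int strncpy_result_terminated(const char *src) {
    char buf[BUF_SIZE];
    memset(buf, 'X', sizeof buf);                /* simulate stale contents */
    strncpy(buf, src, sizeof buf);
    return is_terminated(buf, sizeof buf);
}

/* Same buffer and source, copied through the terminating helper. */
int helper_result_terminated(const char *src) {
    char buf[BUF_SIZE];
    memset(buf, 'X', sizeof buf);
    (void)copy_terminated(buf, sizeof buf, src, sizeof buf - 1);
    return is_terminated(buf, sizeof buf);
}

int main(void) {
    printf("strncpy terminated: %d\n", strncpy_result_terminated("hello"));
    printf("helper terminated:  %d\n", helper_result_terminated("hello"));
    return 0;
}
```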
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
API07-C | Medium | Unlikely | Medium | P4 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
ISO/IEC TR 24772:2013 | 6.8 String Termination [CJM] |
ISO/IEC 9899:2011 | Annex K.3.7.1.4, "The strncpy_s Function" |
...