Alternative functions that limit the number of bytes copied are often recommended to mitigate buffer overflow vulnerabilities. For example:
strncpy()instead ofstrcpy()strncat()instead ofstrcat()fgets()instead ofgets()snprintf()instead ofsprintf()
These functions truncate strings that exceed the specified limits. Additionally, some functions such as strncpy() do not guarantee that the resulting string is null-terminated [[STR33-C]].
Truncation results in a loss of data and, in some cases, leads to software vulnerabilities.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Exception
An exception to this rule applies if the intent of the programmer was to intentionally truncate the null-terminated byte string. To be compliant with this standard, this intent must be clearly stated in comments.
Priority: P2 Level: L3
Truncating strings can lead to a loss of data and, in some cases, exploitable vulnerabilities.
Component |
Value |
|---|---|
Severity |
1 (low) |
Likelihood |
1 (unlikely) |
Remediation cost |
2 (medium) |
References
- ISO/IEC 9899-1999 Section 7.21 String handling <string.h>
- Seacord 05a Chapter 2 Strings
- ISO/IEC TR 24731-2006