Incorrect use of strncpy, stpncpy, strlcpy, or strscpy
Description
The software passes the size of the source buffer as the length bound when reading from or writing to a destination buffer, so the copy may access memory outside the bounds of the destination.
Examples
Insecure Code
```c
#include <string.h>

char src[10];
char dst[5];
/* Bound taken from the SOURCE: up to 10 bytes are written into a 5-byte buffer. */
strncpy(dst, src, 10);
```
Secure Code
```c
#include <string.h>

char src[10];
char dst[5];
/* Bound taken from the DESTINATION. strncpy writes no terminator when src
 * holds sizeof dst or more characters, so terminate explicitly. */
strncpy(dst, src, sizeof dst);
dst[sizeof dst - 1] = '\0';
```
Remediation
Use the size of the destination buffer instead of the source buffer when calling strncpy, stpncpy, strlcpy, or strscpy to prevent buffer overflow.
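Added example, not part of the rule page: a portable strlcpy-style wrapper that always bounds the copy by the destination size, guarantees NUL termination (which strncpy alone does not), and returns the source length so callers can detect truncation. The function name copy_bounded and the sample strings are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst, never writing more than dst_size bytes and always
 * NUL-terminating when dst_size > 0. Returns strlen(src), mirroring the
 * strlcpy contract: a return value >= dst_size means the copy was truncated. */
static size_t copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t src_len = strlen(src);

    if (dst_size == 0)
        return src_len;             /* nothing can be written safely */

    /* Leave room for the terminator; strncpy pads with NULs if src is
     * shorter than the bound but adds no terminator if it is not. */
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return src_len;
}

int main(void)
{
    /* Same shape as the rule's example: 10-byte source, 5-byte destination. */
    char src[10] = "ABCDEFGHI";     /* constructed input: 9 chars + NUL */
    char dst[5];

    size_t n = copy_bounded(dst, sizeof dst, src);   /* bound is sizeof dst, not sizeof src */
    if (n >= sizeof dst)
        printf("truncated: copied \"%s\" (%zu of %zu chars)\n", dst, strlen(dst), n);
    else
        printf("copied \"%s\"\n", dst);
    return 0;
}
```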
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0511 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-806 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | buffer overflow, memory safety |
| OWASP | N/A |
References
- https://github.com/0xdea/advisories/blob/master/2020-07-solaris-whodo-w.txt
- https://cwe.mitre.org/data/definitions/806
- https://dustri.org/b/playing-with-weggli.html