Insecure functions unable to limit / check buffer sizes
Description
The `lstrcpy` family of functions do not provide the ability to limit or check buffer sizes before copying to a destination buffer. This can lead to buffer overflows. Consider using more secure alternatives such as `strncpy_s`.
Examples
Insecure Code
c
lstrcpy(buffer, source);Secure Code
c
strncpy_s(buffer, source, sizeof(buffer));Remediation
Replace `lstrcpy`, `wcscpy`, `_tcscpy`, `_mbscpy` with `strncpy_s` or other secure alternatives.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0571 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, insecure function |
| OWASP | A1:2017-Injection, A03:2021-Injection |