Insecure use of lstrcpyn family functions
Description
The `lstrcpyn` family of functions does not always validate its pointer arguments or check that the destination has sufficient space before copying, so a `count` larger than the destination buffer can write past its end and cause a buffer overflow. More secure versions of these functions should be used.
Examples
Insecure Code
```c
/* `count` is trusted as-is; nothing ties it to the real size of `dest` */
lstrcpyn(dest, src, count);
```
Secure Code
```c
/* second argument is the size of `dest` in elements; the copy fails instead of overflowing */
strncpy_s(dest, count, src, count);
```
Remediation
Use secure versions of these functions, such as those provided by the C Runtime Library (CRT), like `strncpy_s`, `wcsncpy_s` and `_mbsncpy_s`, which take the destination size as an explicit argument.
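As an added illustration (not code from the rule page or from any CRT), the block below implements in portable C the size-checked contract that `strncpy_s` provides and that `lstrcpyn` lacks: the destination size is a parameter, a copy that would not fit is refused rather than written, and truncation happens only when a `_TRUNCATE`-style count is passed explicitly. `bounded_copy`, `bounded_len`, `COPY_TRUNCATE` and the status enum are hypothetical names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the contract of strncpy_s(dest, dest_size, src, count):
 * never writes more than dest_size bytes and always leaves dest null-terminated.
 * Added for illustration; it is not the CRT implementation. */
enum copy_status { COPY_OK = 0, COPY_BAD_ARG, COPY_TOO_LONG, COPY_TRUNCATED };
#define COPY_TRUNCATE ((size_t)-1)   /* same idea as the CRT's _TRUNCATE: copy what fits */

static size_t bounded_len(const char *s, size_t max)   /* reads at most max bytes of s */
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

enum copy_status bounded_copy(char *dest, size_t dest_size, const char *src, size_t count)
{
    if (dest == NULL || dest_size == 0) return COPY_BAD_ARG;  /* nothing safe can be written */
    if (src == NULL) { dest[0] = '\0'; return COPY_BAD_ARG; }
    if (count == COPY_TRUNCATE) {
        size_t room = dest_size - 1;              /* leave space for the terminator */
        size_t n = bounded_len(src, room);
        memcpy(dest, src, n);
        dest[n] = '\0';
        return (n == room && src[n] != '\0') ? COPY_TRUNCATED : COPY_OK;
    }
    size_t n = bounded_len(src, count);           /* copy at most `count` characters */
    if (n >= dest_size) {                         /* no room for the terminator: refuse */
        dest[0] = '\0';
        return COPY_TOO_LONG;
    }
    memcpy(dest, src, n);
    dest[n] = '\0';
    return COPY_OK;
}

int main(void)
{
    char dest[8];                       /* constructed: room for 7 characters plus terminator */
    const char *src = "0123456789";     /* constructed: 10 characters, longer than dest */
    /* The insecure pattern, lstrcpyn(dest, src, 16), trusts the count and writes past dest;
     * the checked copy refuses, truncates only on request, and still works for a fitting count. */
    size_t counts[] = { 16, COPY_TRUNCATE, 5 };
    for (size_t i = 0; i < 3; i++) {
        enum copy_status rc = bounded_copy(dest, sizeof dest, src, counts[i]);
        printf("status=%d dest=\"%s\"\n", (int)rc, dest);
    }
    return 0;
}
```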
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0572 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, insecure function |
| OWASP | A1:2017-Injection, A03:2021-Injection |