Insecure string processing function
Description
The `strcat` family of functions (`strcat`, `wcscat`, `_mbscat`) appends a source string to a destination buffer with no way to limit how many bytes are written: a source longer than the space remaining after the existing contents overflows the destination. Prefer a bounded alternative such as `snprintf`, which takes the destination size and reports through its return value whether the output was truncated. When using it to append, write at the current end of the string, pass only the remaining space as the bound, and always use a literal format such as `"%s"` rather than passing the data as the format string. Note that `strncat` is not an equivalent fix: its size argument is the number of characters to append, not the size of the destination, and it is easy to misuse. For more information, see: https://linux.die.net/man/3/snprintf. If developing against the Microsoft C Runtime Library (CRT), use the bounds-checked versions `strcat_s`, `wcscat_s` and `_mbscat_s`, which take the destination size and fail instead of overflowing, see: https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/strcat-s-wcscat-s-mbscat-s?view=msvc-170
Examples
Insecure Code
```c
#include <string.h>

char buffer[10] = "Hello, ";   /* 7 characters plus the NUL are already used */
/* Nothing bounds the append: 7 + 6 + 1 bytes are written into a 10-byte buffer. */
strcat(buffer, "world!");
```
Secure Code
```c
#include <stdio.h>
#include <string.h>

char buffer[10] = "Hello, ";
size_t used = strlen(buffer);
/* Append at the current end, bounded by the remaining space; "%s" keeps the
 * data out of the format string. The return value reveals truncation. */
int n = snprintf(buffer + used, sizeof(buffer) - used, "%s", "world!");
if (n < 0 || (size_t)n >= sizeof(buffer) - used) {
    /* "world!" did not fit: buffer holds a truncated but NUL-terminated string */
}
```
Remediation
Replace `strcat` with a bounded write: `snprintf` given the remaining destination space (or `strcat_s` on the Microsoft CRT), and check the return value for truncation instead of assuming the data fit.
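The following is an added example, not code from the rule text, showing the remediation as a reusable helper: `safe_append` (a hypothetical name chosen here) appends with `snprintf` bounded by the space left in the destination, refuses a destination that is not NUL-terminated, and on truncation restores the previous contents and returns an error rather than leaving a partial write. `build_greeting` and the two `greeting_*` helpers are also assumptions made for the demonstration; the 16-byte buffer size and the names are constructed inputs.

```c
#include <stdio.h>
#include <string.h>

/* Append src to the NUL-terminated string already in dst, where dst holds
 * dst_size bytes in total. Returns 0 on success and -1 if src does not fit;
 * on -1 the previous contents of dst are left intact (no partial write).
 * Added helper for this example, not part of the rule. */
int safe_append(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Locate the terminator without reading past dst_size bytes. */
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;                      /* dst is not NUL-terminated: refuse */
    size_t used = (size_t)(end - dst);
    size_t avail = dst_size - used;     /* bytes left, including room for NUL */
    /* "%s" as the format: never pass src itself as the format string. */
    int n = snprintf(dst + used, avail, "%s", src);
    if (n < 0 || (size_t)n >= avail) {
        dst[used] = '\0';               /* undo the truncated partial write */
        return -1;
    }
    return 0;
}

/* Build "Hello, <name>!" in out, stopping at the first piece that does not fit. */
int build_greeting(char *out, size_t out_size, const char *name)
{
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    if (safe_append(out, out_size, "Hello, ") != 0) return -1;
    if (safe_append(out, out_size, name) != 0) return -1;
    return safe_append(out, out_size, "!");
}

/* Status of building the greeting for name into a 16-byte buffer. */
int greeting_status(const char *name)
{
    char buf[16];
    return build_greeting(buf, sizeof buf, name);
}

/* 1 if the 16-byte greeting buffer ends up holding exactly expect, else 0. */
int greeting_equals(const char *name, const char *expect)
{
    char buf[16];
    build_greeting(buf, sizeof buf, name);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    char buf[16];
    int rc = build_greeting(buf, sizeof buf, "Bob");            /* fits */
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    rc = build_greeting(buf, sizeof buf, "Bartholomew Jr.");    /* too long */
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

With a 16-byte buffer, "Bob" succeeds and the buffer reads "Hello, Bob!"; "Bartholomew Jr." (15 characters) fails at the name step, the buffer is left as "Hello, " and the caller sees -1, whereas `strcat` would have written past the end of the array.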
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0577 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, string processing |
| OWASP | A1:2017-Injection, A03:2021-Injection |