Insecure string processing functions
Description
The `strccpy` and `strcadd` functions take no destination size argument, so the caller cannot bound the copy to the destination buffer. If the input is longer than the destination, the copy writes past the end of the buffer (CWE-120). This is worse for `strcadd`, which expands non-graphic characters into C escape sequences, so its output can be longer than the input string it is given.
Examples
Insecure Code
```c
strccpy(dest, src);   /* no destination size: overflows when src is longer than dest */
```
Secure Code
```c
strncpy(dest, src, sizeof(dest));
dest[sizeof(dest) - 1] = '\0';   /* strncpy does not terminate when src fills dest */
```
Remediation
Use string functions that take the destination size, such as `strncpy` or the C11 Annex K `strcpy_s` (optional in the standard and not available in every libc), so the copy can never exceed the buffer. Two caveats apply: `strncpy` does not NUL-terminate the destination when the source is as long as or longer than the size given, so terminate explicitly; and `sizeof(dest)` is only the buffer size when `dest` is an array declared in the current scope. Inside a function that receives `dest` as a pointer, `sizeof(dest)` is the size of the pointer, and the buffer length must be passed as a separate parameter. Treat truncation as an error to report rather than something to silently accept.
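The following is an added example, not code from this rule page: a bounded copy and a bounded append that always NUL-terminate and report truncation to the caller, so an oversized input is rejected instead of overflowing (the role `strccpy`/`strcadd` play) or being silently cut off. `bounded_copy`, `bounded_append` and `sizeof_on_pointer` are hypothetical helper names, and the destination size and input strings are constructed test data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copies at most dest_size-1 bytes of src into dest and always NUL-terminates.
 * Returns 0 when src fit, -1 when it was truncated (or on a bad argument).
 * Hypothetical helper, not a libc function. */
int bounded_copy(char *dest, size_t dest_size, const char *src)
{
    size_t src_len;
    if (dest == NULL || src == NULL || dest_size == 0)
        return -1;
    src_len = strlen(src);
    if (src_len >= dest_size) {
        memcpy(dest, src, dest_size - 1);   /* keep one byte for the terminator */
        dest[dest_size - 1] = '\0';
        return -1;
    }
    memcpy(dest, src, src_len + 1);         /* includes the terminator */
    return 0;
}

/* Appends src to the string already in dest without exceeding dest_size.
 * Fails if dest is not NUL-terminated within dest_size, since the existing
 * content length is then unknown. Hypothetical helper. */
int bounded_append(char *dest, size_t dest_size, const char *src)
{
    const char *end;
    size_t used;
    if (dest == NULL || src == NULL || dest_size == 0)
        return -1;
    end = memchr(dest, '\0', dest_size);
    if (end == NULL)
        return -1;
    used = (size_t)(end - dest);
    return bounded_copy(dest + used, dest_size - used, src);
}

/* Shows why sizeof(dest) is not the buffer size once dest is a pointer
 * parameter: this returns sizeof(char *), whatever array the caller passed. */
size_t sizeof_on_pointer(char *dest)
{
    return sizeof(dest);
}

/* Constructed inputs: a 16-byte destination, a short value and a 40-byte
 * oversized value of the kind an attacker would supply. */
int demo(void)
{
    char dest[16];
    const char *short_src = "user=alice";
    const char *long_src  = "user=aliceAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    int rc;

    rc = bounded_copy(dest, sizeof dest, short_src);
    printf("short: rc=%d dest=\"%s\"\n", rc, dest);

    rc = bounded_copy(dest, sizeof dest, long_src);
    printf("long:  rc=%d dest=\"%s\" len=%zu (truncated, terminated)\n",
           rc, dest, strlen(dest));

    printf("sizeof(dest) seen by a callee: %zu, not %zu\n",
           sizeof_on_pointer(dest), sizeof dest);
    return rc;
}

int main(void)
{
    demo();
    return 0;
}
```

Callers check the return value and treat -1 as a rejected input. Passing `dest_size` explicitly, rather than computing `sizeof` inside the callee, is what makes the bound correct when the buffer is allocated elsewhere.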
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0578 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | insecure-function, buffer-overflow |
| OWASP | A1:2017-Injection, A03:2021-Injection |