# Insecure string processing function (strcpy)

## Description
The `strcpy` family of functions provides no way to limit or check the size of the destination buffer before copying, so any input longer than the destination overflows it. Use a bounded alternative such as `strncpy`, pass the correct limit for the destination buffer, and make sure the result is null-terminated.
## Examples

### Insecure Code

```c
strcpy(buffer, input);
```

### Secure Code

```c
strncpy(buffer, input, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
```

## Remediation
Replace `strcpy` with `strncpy` and provide the correct limit to the destination buffer, ensuring the string is null terminated.
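The following program, added here as a worked example and not part of the rule's own snippets, wraps the remediation in a small helper (`bounded_copy`, a hypothetical name) that applies the bounded copy, always writes the terminator, and reports whether the input was truncated so callers can reject over-long input instead of silently accepting a cut-off string. The inputs are constructed for the demonstration. Two caveats the remediation depends on: `strncpy` does not terminate the destination when the source is at least as long as the limit, so the explicit `'\0'` write is mandatory, and `sizeof(buffer)` only yields the buffer size when `buffer` is an array in scope, not when it is a pointer (then the size must be passed explicitly, as the helper does).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst, never writing more than dst_size bytes and always
 * leaving dst NUL-terminated. Returns true if the copy was truncated.
 * (bounded_copy is a hypothetical helper name chosen for this example.) */
bool bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0) {
        return true; /* nothing can be written; report as truncation */
    }
    if (src == NULL) {
        dst[0] = '\0';
        return false;
    }
    /* strncpy stops after dst_size - 1 bytes and pads with NULs if src is
     * shorter, but it does NOT add a terminator when src is longer, so the
     * explicit terminator below is required. */
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size;
}

/* Runs the bounded copy on a small fixed-size buffer with two constructed
 * inputs: one that fits and one that would overflow with strcpy.
 * Returns the number of truncated copies (expected: 1). */
int demo_copies(void)
{
    char buffer[8];                      /* 7 characters plus the terminator */
    const char *fits = "abc";            /* constructed input */
    const char *too_long = "0123456789"; /* constructed input, 10 characters */

    bool t1 = bounded_copy(buffer, sizeof(buffer), fits);
    printf("\"%s\" -> \"%s\" (truncated: %s)\n", fits, buffer, t1 ? "yes" : "no");

    bool t2 = bounded_copy(buffer, sizeof(buffer), too_long);
    printf("\"%s\" -> \"%s\" (truncated: %s)\n", too_long, buffer, t2 ? "yes" : "no");

    return (int)t1 + (int)t2;
}

int main(void)
{
    demo_copies();
    return 0;
}
```

Returning the truncation flag matters in practice: a bounded copy prevents the overflow, but a silently truncated path, hostname or command string can still change program behaviour, so the caller should treat truncation as an input-validation failure rather than proceed with the shortened value.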
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0579 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, string processing |
| OWASP | A1:2017-Injection, A03:2021-Injection |