# Insecure string processing functions

## Description
The `strecpy` and `streadd` functions require a destination buffer at least four times the size of the source (plus one byte for the terminating NUL), because every non-printable character in the source may be expanded to a `\` followed by three octal digits.
## Examples

### Insecure Code

```c
/* dest receives up to 4 bytes per source character; no size check is possible */
strecpy(dest, src, NULL); /* third argument: exception characters, NULL = none */
```

### Secure Code

```c
/* sizeof(dest) is the buffer size only when dest is an array, not a pointer */
snprintf(dest, sizeof(dest), "%s", src);
```

## Remediation
Use safer string processing functions or ensure the destination buffer size is at least four times the size of the source.
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0581 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | insecure-function, buffer-overflow |
| OWASP | A1:2017-Injection, A03:2021-Injection |