Unbounded String Length Calculation
Description
The `strlen` family of functions does not handle strings that are not null-terminated, leading to potential buffer over-reads and crashes by accessing unintended memory locations. It is recommended to use `strnlen` instead, providing a `maxlen` value.
Examples
Insecure Code
c
size_t length = strlen(input);Secure Code
c
size_t length = strnlen(input, MAX_LENGTH);Remediation
Replace `strlen` with `strnlen` and provide a maximum length value.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0582 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-126 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer over-read, null-terminated string |
| OWASP | A1:2017-Injection, A03:2021-Injection |