Insecure use of strncat
Description
The `strncat` family of functions is easy to misuse because the third argument is the maximum number of characters to append from the source, not the size of the destination buffer. `strncat` always writes a terminating null byte after the appended characters, so the correct bound is `sizeof(dst) - strlen(dst) - 1`; passing `sizeof(dst)` (or any fixed constant) overflows the destination as soon as it already holds data. It is recommended to use alternatives whose size argument is the total destination size, such as `snprintf`, and to check the return value for truncation. For more information, see: https://linux.die.net/man/3/snprintf. If developing against the Microsoft C Runtime Library (CRT), the bounds-checked `strncat_s` variants should be used, see: https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/strncat-s-strncat-s-l-wcsncat-s-wcsncat-s-l-mbsncat-s-mbsncat-s-l?view=msvc-170
Examples
Insecure Code
```c
/* 10 is the maximum number of bytes to append, not the size of buffer:
 * strncat writes strlen(buffer) + min(10, strlen("hello")) + 1 bytes into buffer,
 * so this overflows whenever buffer is smaller than that. */
strncat(buffer, "hello", 10);
```
Secure Code
```c
/* sizeof(buffer) is the total destination size (valid only when buffer is an
 * array in scope, not a pointer). Note this overwrites buffer rather than appending. */
snprintf(buffer, sizeof(buffer), "%s", "hello");
```
Remediation
Replace `strncat` with `snprintf`, passing the total destination size as the size argument, and check the return value: a result greater than or equal to the size means the output was truncated. Be aware that `snprintf(buffer, sizeof(buffer), "%s", src)` overwrites `buffer` rather than appending to it; to append, write at `buffer + strlen(buffer)` with a size of `sizeof(buffer) - strlen(buffer)`. If `strncat` must be kept, the count must be `sizeof(buffer) - strlen(buffer) - 1`, never `sizeof(buffer)` or a fixed constant. In either case `sizeof(buffer)` only yields the buffer size when `buffer` is an array declared in the current scope; for a pointer parameter the caller must pass the size explicitly.
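The following is an added example, not code from the original rule page. It shows the arithmetic behind the overflow (how many bytes `strncat` actually touches for a given count), a correctly bounded `strncat` append, and the equivalent append built on `snprintf` at an offset with truncation detection. The helper names `strncat_bytes_touched`, `append_strncat_safe` and `append_snprintf`, the buffer size `BUF_SIZE` and the sample strings are all assumptions made for this illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 16   /* hypothetical destination size used by main() below */

/* Number of bytes strncat(dst, src, count) writes starting at dst:
 * the existing contents stay, then min(count, strlen(src)) bytes are
 * appended, then one NUL. If this exceeds the real size of dst, it overflows. */
size_t strncat_bytes_touched(size_t used, size_t count, const char *src) {
    size_t src_len = strlen(src);
    size_t copied = src_len < count ? src_len : count;
    return used + copied + 1;
}

/* Append with strncat using the only correct bound: room left minus the NUL.
 * Returns 0 on success, 1 if src was truncated, -1 if dst is not a valid
 * NUL-terminated string within dst_size (nothing is written in that case). */
int append_strncat_safe(char *dst, size_t dst_size, const char *src) {
    size_t used = strnlen(dst, dst_size);
    if (used >= dst_size)
        return -1;
    size_t room = dst_size - used - 1;
    strncat(dst, src, room);          /* writes at most room + 1 bytes incl. NUL */
    return strlen(src) > room ? 1 : 0;
}

/* Same append built on snprintf: write at the current end with the remaining
 * size; snprintf never exceeds that size and its return value exposes truncation. */
int append_snprintf(char *dst, size_t dst_size, const char *src) {
    size_t used = strnlen(dst, dst_size);
    if (used >= dst_size)
        return -1;
    size_t remaining = dst_size - used;
    int n = snprintf(dst + used, remaining, "%s", src);
    if (n < 0)
        return -1;
    return (size_t)n >= remaining ? 1 : 0;   /* n counts what would have been written */
}

int main(void) {
    char buf[BUF_SIZE] = "hello";   /* constructed sample: 5 bytes already in use */

    /* The mistake the rule flags: passing the buffer size as the count. */
    size_t wrong = strncat_bytes_touched(strlen(buf), sizeof buf, ", world, overflow!");
    size_t right = strncat_bytes_touched(strlen(buf), sizeof buf - strlen(buf) - 1, ", world, overflow!");
    printf("count=sizeof(buf): touches %zu of %d bytes -> %s\n", wrong, BUF_SIZE,
           wrong > sizeof buf ? "OVERFLOW" : "ok");
    printf("count=room-1:      touches %zu of %d bytes -> %s\n", right, BUF_SIZE,
           right > sizeof buf ? "OVERFLOW" : "ok");

    int rc = append_strncat_safe(buf, sizeof buf, ", world!");
    printf("strncat append rc=%d: \"%s\"\n", rc, buf);
    rc = append_snprintf(buf, sizeof buf, "!!!!!");
    printf("snprintf append rc=%d (1 = truncated): \"%s\"\n", rc, buf);
    return 0;
}
```

Both append helpers take the destination size as an explicit parameter rather than using `sizeof` internally, because inside a function that receives `char *dst` the `sizeof` trick silently returns the pointer size. `strnlen` is used instead of `strlen` so a destination that is not NUL-terminated within `dst_size` is rejected instead of read past its end.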
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0583 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, string manipulation |
| OWASP | A1:2017-Injection, A03:2021-Injection |