Insecure use of strncpy
Description
The `strncpy` family of functions does not guarantee null termination: when the source string is `n` characters or longer, `strncpy` copies exactly `n` bytes and writes no terminating null, so later code that treats the destination as a C string reads past the end of the buffer. It is recommended to use more secure alternatives such as `snprintf`.
Examples
Insecure Code
```c
strncpy(dest, src, 10);
```
Secure Code
```c
snprintf(dest, 10, "%s", src);
```
Remediation
Replace `strncpy` with a more secure alternative such as `snprintf`, which always null-terminates its output within the given size and truncates input that does not fit.
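The following program is an added illustration, not part of the rule's own examples: it runs both patterns above against a 10-byte buffer and reports whether the result is still a valid C string and whether `snprintf` had to truncate. The function names and the sample inputs are constructed for this demonstration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10   /* the count used in the examples above */

/* 1 if a NUL byte exists within the first len bytes of buf, else 0. */
static int has_terminator(const char *buf, size_t len) {
    return memchr(buf, '\0', len) != NULL;
}

/* Insecure pattern strncpy(dest, src, 10): when src holds BUF_SIZE or more
 * characters no NUL is written, so a later strlen() or printf("%s") on dest
 * reads past the end of the buffer. Returns 1 if dest is still a valid C
 * string afterwards, 0 if the terminator was dropped. */
int strncpy_copy_is_terminated(const char *src) {
    char dest[BUF_SIZE];
    memset(dest, 'X', sizeof dest);   /* makes a missing NUL observable */
    strncpy(dest, src, sizeof dest);
    return has_terminator(dest, sizeof dest);
}

/* Secure pattern snprintf(dest, 10, "%s", src): the result is always
 * NUL-terminated within the given size and overlong input is truncated.
 * Returns the length of the string stored in dest, or -1 if unterminated. */
long snprintf_copy_len(const char *src) {
    char dest[BUF_SIZE];
    snprintf(dest, sizeof dest, "%s", src);
    return has_terminator(dest, sizeof dest) ? (long)strlen(dest) : -1;
}

/* snprintf returns the length the full string would have needed, so a
 * value >= the buffer size means src was truncated. Returns 1 if so. */
int snprintf_copy_truncated(const char *src) {
    char dest[BUF_SIZE];
    int needed = snprintf(dest, sizeof dest, "%s", src);
    return needed < 0 || (size_t)needed >= sizeof dest;
}

int main(void) {
    /* Constructed inputs: one that fits and one longer than the buffer. */
    const char *inputs[] = { "short", "0123456789ABC" };
    for (size_t i = 0; i < 2; i++)
        printf("\"%s\": strncpy terminated=%d, snprintf stored %ld chars (truncated=%d)\n",
               inputs[i], strncpy_copy_is_terminated(inputs[i]),
               snprintf_copy_len(inputs[i]), snprintf_copy_truncated(inputs[i]));
    return 0;
}
```

Note that a source of exactly 10 characters already drops the terminator with `strncpy`, while `snprintf` stores 9 characters plus the NUL and reports the truncation through its return value.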
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0584 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | injection, buffer overflow |
| OWASP | A1:2017-Injection, A03:2021-Injection |