Insecure use of strcpy, stpcpy, strcat
Description
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer. This can be caused by using insecure functions such as strcpy, stpcpy, or strcat without proper bounds checking.
Examples
Insecure Code
```c
strcpy(buffer, user_input);
```
Secure Code
```c
strncpy(buffer, user_input, sizeof(buffer) - 1);
buffer[sizeof(buffer) - 1] = '\0';
```
Remediation
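Replace strcpy, stpcpy, and strcat with strncpy, strncat, or other bounded alternatives, pass a size derived from the destination buffer, and terminate the result explicitly, so that input longer than the buffer cannot overflow it.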
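The following is an added example, not code from this rule or its scanner. It shows one way to wrap the bounded copy so that truncation is reported to the caller instead of passing silently. The helper names `bounded_copy` and `bounded_append` are hypothetical, and the input string is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not part of the rule): copy src into dst, which holds
 * dst_size bytes. Always NUL-terminates; returns 0 if all of src fit and -1
 * if it was truncated or the arguments are unusable. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t i = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (i < dst_size - 1 && src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

/* Hypothetical helper: append src to the string already in dst. The bound is
 * the total capacity of dst; strncat's size argument instead limits only the
 * number of bytes appended, so it cannot be used the same way. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    size_t used = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (used < dst_size && dst[used] != '\0')
        used++;
    if (used == dst_size)      /* dst is not terminated within its capacity */
        return -1;
    return bounded_copy(dst + used, dst_size - used, src);
}

int main(void)
{
    char buffer[8];
    const char *user_input = "much too long input";   /* constructed sample */

    if (bounded_copy(buffer, sizeof(buffer), user_input) != 0)
        printf("input truncated to \"%s\"; reject or handle it\n", buffer);
    return 0;
}
```

`sizeof(buffer)` gives the capacity only while `buffer` is an array in scope; once it has decayed to a pointer, the size has to be passed alongside it.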
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0648 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, insecure function |
| OWASP | N/A |
References
- https://cwe.mitre.org/data/definitions/120
- https://cwe.mitre.org/data/definitions/787
- https://cwe.mitre.org/data/definitions/676
- https://g.co/kgs/PCHQjJ