Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does strlen() in a strncmp() expression defeat the purpose of using strncmp() over strcmp()?

Tags:

c

buffer-overflow

strcmp

strncmp

By my understanding, strcmp() (no 'n'), upon seeing a null character in either argument, immediately stops processing and returns a result.
Therefore, if one of the arguments is known with 100% certainty to be null-terminated (e.g. it is a string literal), there is no security benefit whatsoever in using strncmp() (with 'n') with a call to strlen() as part of the third argument to limit the comparison to the known string length, because strcmp() will already never read more characters than are in that known-terminating string.

In fact, it seems to me that a call to strncmp() whose length argument is a strlen() on one of the first two arguments is only different from the strcmp() case in that it wastes time linear in the size of the known-terminating string by evaluating the strlen() expression.

Consider:

Sample code A:

if (strcmp(user_input, "status") == 0)
    reply_with_status();

Sample code B:

if (strncmp(user_input, "status", strlen("status")+1) == 0)
    reply_with_status();

Is there any benefit to the former over the latter? Because I see it in other people's code a lot.

Do I have a flawed understanding of how these functions work?

like image 295
cvp Avatar asked Feb 14 '13 22:02

cvp

3 Answers

In your particular example, I would say it's detrimental to use strncmp because of:

  • Using strlen does the scan anyway
  • Repetition of the string literal "status"
  • Addition of 1 to make sure that strings are indeed equal

All these add to clutter, and in neither case would you be protected from overflowing user_input if it indeed was shorter than 6 characters and contained the same characters as the test string.

That would be exceptional. If you know that your input string always has more memory than the number of characters in your test strings, then don't worry. Otherwise, you might need to worry, or at least consider it. strncmp is useful for testing stuff inside large buffers.

My preference is for code readability.

like image 76
paddy Avatar answered Nov 15 '22 10:11

paddy

Yes it does. If you use strlen in a strncmp, it will traverse the pointer until it sees a null in the string. That makes it functionally equivalent to strcmp.

like image 4
Gabe Sechan Avatar answered Nov 15 '22 10:11

Gabe Sechan

In the particular case you've given, it's indeed useless. However, a slight alteration is more common:

if (strncmp(user_input, "status", strlen("status")) == 0)
    reply_with_status();

This version just checks if user_input starts with "status", so it has different semantics.

like image 4
caf Avatar answered Nov 15 '22 12:11

caf
Sign in to Comment

Related questions

MPI count of zero is often valid
Linux reboot function called in C program causes file loss created by the program on disk
How to redirect the output of system() to a file?
gdb find memory address of line number
Passing a string in a function (C)
what is the usage of PTHREAD_CREATE_JOINABLE in pthread?
Is it posible to check if a struct was defined before (in a header file) during preprocessor?
Convert ASCII character to x11 keycode
Pass the value from child to parent process
carriage return by fgets
Linux device driver, Is it possible to get the minor number using a file descriptor?
What does the n stand for in `sscanf(s, "%d %n", &i, &n)`?
what is the purpose of "(void) ( { CODE } )" in c?
previous declaration of 'function' was here in C [duplicate]
strcmp with pointers not working in C
Code Blocks redirecting input output
Definition of global variables using a non constant initializer
Malloc and Void Pointers
How to automatically generate function header comments in eclipse-cdt?
sizeof not showing the expected output

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!