Some static code analyzer tools are suggesting that all strcat usage should be replaced with strncat for safety purpose?
In a program, if we know clearly the size of the target buffer and source buffers, is it still recommended to go for strncat?
Also, given the suggestions by static tools, should strcat be used ever?
strcat() — Concatenate Strings The strcat() function concatenates string2 to string1 and ends the resulting string with the null character. The strcat() function operates on null-ended strings. The string arguments to the function should contain a null character (\0) that marks the end of the string.
The strcpy() function copies one string into another. The strcat() function concatenates two functions. The strlen() function returns the length of a function. The strcmp() function compares two strings.
The function strncat() does not allocate any storage. The caller must insure that the buffer pointed to by s1 is long enough to hold the added characters.
As others have said str* functions are for strings, not binary data.
If you are absolutely sure about source buffer's size and that the source buffer contains a NULL-character terminating the string, then you can safely use strcat when the destination buffer is large enough.
I still recommend using strncat and give it the size of the destination buffer - length of the destination string - 1
Note: I edited this since comments noted that my previous answer was horribly wrong.
Concatenate two strings into a single string.
Prototypes
#include <string.h>
char * strcat(char *restrict s1, const char *restrict s2);
char * strncat(char *restrict s1, const char *restrict s2, size_t n);
DESCRIPTION
The strcat()
and strncat()
functions append a copy of the null-terminated
string s2 to the end of the null-terminated string s1, then add a terminating \0'. The string s1 must have sufficient space to hold the
result.
The strncat() function appends not more than n characters from s2, and then adds a terminating \0'.
The source and destination strings should not overlap, as the behavior is undefined.
RETURN VALUES
The `strcat()` and `strncat()` functions return the pointer s1.
SECURITY CONSIDERATIONS
The strcat()
function is easily misused in a manner which enables malicious users to arbitrarily change a running program's functionality
through a buffer overflow attack.
Avoid using strcat()
. Instead, use strncat()
or strlcat()
and ensure
that no more characters are copied to the destination buffer than it can
hold.
Note that strncat()
can also be problematic. It may be a security concern for a string to be truncated at all. Since the truncated string
will not be as long as the original, it may refer to a completely different resource and usage of the truncated resource could result in very
incorrect behavior. Example:
void
foo(const char *arbitrary_string)
{
char onstack[8] = "";
#if defined(BAD)
/*
* This first strcat is bad behavior. Do not use strcat!
*/
(void)strcat(onstack, arbitrary_string); /* BAD! */
#elif defined(BETTER)
/*
* The following two lines demonstrate better use of
* strncat().
*/
(void)strncat(onstack, arbitrary_string,
sizeof(onstack) - strlen(onstack) - 1);
#elif defined(BEST)
/*
* These lines are even more robust due to testing for
* truncation.
*/
if (strlen(arbitrary_string) + 1 >
sizeof(onstack) - strlen(onstack))
err(1, "onstack would be truncated");
(void)strncat(onstack, arbitrary_string,
sizeof(onstack) - strlen(onstack) - 1);
#endif
}
Example
char dest[20] = "Hello";
char *src = ", World!";
char numbers[] = "12345678";
printf("dest before strcat: \"%s\"\n", dest); // "Hello"
strcat(dest, src);
printf("dest after strcat: \"%s\"\n", dest); // "Hello, World!"
strncat(dest, numbers, 3); // strcat first 3 chars of numbers
printf("dest after strncat: \"%s\"\n", dest); // "Hello, World!123"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With