I am looking to find out why strncpy is considered insecure. Does anybody have any sort of documentation on this or examples of an exploit using it?
Problem with strcpy(): The strcpy() function does not specify the size of the destination array, so buffer overrun is often a risk. Using strcpy() function to copy a large character array into a smaller one is dangerous, but if the string will fit, then it will not be worth the risk.
There are some functions in C that you should never use: functions that make your program vulnerable to attacks (such as buffer overflow attacks), or that might crash your program, or that might corrupt memory and leave your program in an undefined state. strncpy is one of them.
strcpy_s() is a security enhanced version of strcpy(). With strcpy_s you can specify the size of the destination buffer to avoid buffer overflows during copies. char tuna[5]; // a buffer which holds 5 chars including the null character.
Copies at most count characters of the byte string pointed to by src (including the terminating null character) to character array pointed to by dest. If count is reached before the entire string src was copied, the resulting character array is not null-terminated.
Take a look at this site; it's a fairly detailed explanation. Basically, strncpy() doesn't require NUL termination, and is therefore susceptible to a variety of exploits.
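The missing-terminator behaviour described above, shown on a 5-byte buffer next to a bounded copy that always terminates and reports truncation. This is an added example, not code from any of the posts; `is_terminated`, `strncpy_terminates` and `copy_bounded` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if buf[0..n-1] contains a NUL terminator, 0 otherwise. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Plain strncpy into a 5-byte buffer, then report whether the
 * result is a valid C string. */
static int strncpy_terminates(const char *src)
{
    char dst[5];
    memset(dst, 'X', sizeof dst);      /* poison so a missing NUL is visible */
    strncpy(dst, src, sizeof dst);
    return is_terminated(dst, sizeof dst);
}

/* Hypothetical helper: bounded copy that always terminates dst.
 * Returns 0 on a full copy, -1 if src did not fit (dst then holds
 * a terminated prefix) or if dstsz is 0. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t len;
    if (dstsz == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);         /* len + 1 copies the NUL too */
    return 0;
}

int main(void)
{
    char buf[5];
    printf("strncpy \"abc\"   terminated: %d\n", strncpy_terminates("abc"));
    printf("strncpy \"abcde\" terminated: %d\n", strncpy_terminates("abcde"));
    printf("copy_bounded rc=%d ", copy_bounded(buf, sizeof buf, "abcdefgh"));
    printf("buf=\"%s\"\n", buf);
    return 0;
}
```

Checking the return value of the bounded copy is what lets the caller reject or handle over-long input instead of passing an unterminated array to strlen() or printf().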