1

Possible Duplicate:
Why is strncpy insecure?

What are the security issues with strncpy():

   #include <string.h>

   void foo(char *param) {
     char local[100];
     /* do stuff */
     strncpy(local, param, strlen(param));  /* bound is the source length, not sizeof local */
     /* do more stuff */
   }
Community

1 Answer

3

Normally, the maximum length (3rd) parameter to strncpy(3) would be the size of the destination, not the size of the source. There is really no point in limiting the transfer to the size of the source, as that is the maximum that would have been transferred with the more dangerous plain strcpy(3).

And, to answer the question, the problem is that this is not a memory-safe operation, so an attacker could supply a string longer than the buffer which would overwrite code on the stack, and if carefully arranged, could execute arbitrary code from the attacker.

DigitalRoss
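The destination-sized bound described in the answer above, as an added example that is not part of the original question or answer. The names `copy_bounded`, `unterminated_after_strncpy` and `LOCAL_SIZE` are hypothetical, and the oversized input is constructed. It also covers a case the thread does not mention: `strncpy()` writes no terminating NUL when the source fills the whole bound.

```c
#include <stdio.h>
#include <string.h>

#define LOCAL_SIZE 100   /* hypothetical name; same size as local[] in the question */

/* The question's call, kept as a comment so it is never executed:
 *     strncpy(local, param, strlen(param));
 * The bound is taken from the source, so it limits nothing. */

/* Bound the copy by the destination and terminate explicitly.
 * Returns 0 if src fit, -1 if it was truncated or an argument was invalid. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    strncpy(dst, src, dstsz - 1);   /* never writes past dst[dstsz - 2] */
    dst[dstsz - 1] = '\0';          /* strncpy does not guarantee this byte */
    return strlen(src) < dstsz ? 0 : -1;
}

/* Plain strncpy with the full destination size stays in bounds, but leaves
 * dst without a NUL when src has dstsz or more bytes. Returns 1 in that case. */
int unterminated_after_strncpy(char *dst, size_t dstsz, const char *src)
{
    strncpy(dst, src, dstsz);
    return memchr(dst, '\0', dstsz) == NULL;
}

int main(void)
{
    char big[300];                  /* constructed oversized input */
    char local[LOCAL_SIZE];

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short input: %d\n", copy_bounded(local, sizeof local, "hello"));
    printf("long input:  %d (kept %zu bytes)\n",
           copy_bounded(local, sizeof local, big), strlen(local));
    printf("plain strncpy left dst unterminated: %d\n",
           unterminated_after_strncpy(local, sizeof local, big));
    return 0;
}
```

A caller that gets -1 should reject the input or handle the truncation rather than continue with the shortened string.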