Why is strncpy insecure?

c++ c string strncpy

I am looking to find out why strncpy is considered insecure. Does anybody have any sort of documentation on this or examples of an exploit using it?


Solution 1:

Take a look at this site; it's a fairly detailed explanation. Basically, strncpy() doesn't require NUL termination, and is therefore susceptible to a variety of exploits.

Solution 2:

The original problem is obviously that strcpy(3) was not a memory-safe operation, so an attacker could supply a string longer than the buffer which would overwrite code on the stack, and if carefully arranged, could execute arbitrary code from the attacker.

But strncpy(3) has another problem in that it doesn't supply null termination in every case at the destination. (Imagine a source string longer than the destination buffer.) Future operations may expect conforming C nul-terminated strings between equally sized buffers and malfunction downstream when the result is copied to yet a third buffer.

Using strncpy(3) is better than strcpy(3) but things like strlcpy(3) are better still.

Related

How can I make something that catches all 'unhandled' exceptions in a WinForms application?
Laravel : Syntax error or access violation: 1055 Error
How to determine previous page URL in Angular?
How to get a number of random elements from an array?
Is it possible to deserialize XML into List<T>?
How to use the Qt's PIMPL idiom?
How to get DropDownList SelectedValue in Controller in MVC
Where do we use the object operator "->" in PHP?
How can I set the 'backend' in matplotlib in Python?
pip install access denied on Windows
Read url to string in few lines of java code
How to instantiate a File object in JavaScript?