Use of insecure unbounded string copy/concatenation functions

c.buffer_overflow.insecure_api_strcpy_stpcpy_strcat

Severity

critical

Resource

Buffer Overflow

Language

C / C++

Description

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area outside of the boundaries of a buffer.

Rationale

The following code illustrates a vulnerable pattern detected by this rule:

void copy_append_string(char *string1, char *string2)
{
	char buf[BUFSIZE];

	// VULNERABLE: Use of insecure unbounded string copy/concatenation functions
	strcpy(buf, string1);

	// VULNERABLE: Use of insecure unbounded string copy/concatenation functions
	strcat(buf, string2);
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.

References

CWE-676
OWASP Top 10 2021 - A06 : Vulnerable and Outdated Components.
https://cwe.mitre.org/data/definitions/120
https://cwe.mitre.org/data/definitions/787
https://g.co/kgs/PCHQjJ
CERTC-MSC24-C
CERTC-STR31-C