Missing null termination after strncpy/stpncpy
ID | c.buffer_overflow.unterminated_string_strncpy_stpncpy
Severity | low
Resource | Buffer Overflow
Language | C / C++
Description
If there is no NUL byte in the first n bytes of the source string, strncpy() and stpncpy() do not NUL-terminate the destination buffer. If the program does not explicitly terminate the destination buffer, later string operations on it read past its end; this will almost certainly result in information disclosure, and possibly a buffer overflow condition.
Rationale
The following code illustrates a vulnerable pattern detected by this rule:
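#include <string.h>

#define BUFSIZE 256 /* example size; the snippet leaves BUFSIZE undefined */

void copy_string1(char *string)
{
    char buf[BUFSIZE];
    // VULNERABLE: Missing null termination after strncpy/stpncpy
    // (buf has no terminator when strlen(string) >= BUFSIZE)
    strncpy(buf, string, BUFSIZE);
}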
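The flagged pattern next to a corrected form, as an added example that is not part of the rule's own documentation. The names has_nul, copy_flagged and copy_fixed, the BUFSIZE value of 8 and the input string are assumptions chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define BUFSIZE 8   /* assumed size, kept small for the demonstration */

/* Bounded check: is there a NUL anywhere in the first n bytes of buf? */
int has_nul(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Flagged pattern: when strlen(src) >= n, no terminator is written. */
void copy_flagged(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
}

/* Corrected pattern: copy at most n - 1 bytes, always terminate,
 * and return -1 when the source had to be truncated. */
int copy_fixed(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return -1;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return strlen(src) >= n ? -1 : 0;
}

int main(void)
{
    const char *long_src = "AAAAAAAAAAAA";  /* constructed: 12 bytes, longer than BUFSIZE */
    char buf[BUFSIZE];

    memset(buf, 'X', sizeof buf);           /* stand-in for stale stack contents */
    copy_flagged(buf, sizeof buf, long_src);
    printf("flagged: terminated=%d\n", has_nul(buf, sizeof buf));

    memset(buf, 'X', sizeof buf);
    int rc = copy_fixed(buf, sizeof buf, long_src);
    printf("fixed:   terminated=%d rc=%d len=%zu\n",
           has_nul(buf, sizeof buf), rc, strlen(buf));
    return 0;
}
```

The termination check uses memchr() with an explicit bound so that inspecting the unterminated buffer never reads past its end; a caller of copy_fixed can treat the -1 return as a truncation error instead of silently accepting a shortened string.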