strcat
Prototype
This function appends a copy of the string pointed to by src (including the terminating null character) to the end of the string pointed to by dest. The dest array must be large enough to hold the combined strings, including the terminating null character.
Vulnerable example
Prevent
To prevent this vulnerability, use the strlcat function instead of strcat to concatenate the second string to the end of the buffer string.

The strlcat function lets you specify the maximum number of characters to be copied from the source string and ensures that the destination string is always null-terminated, which helps prevent the destination buffer from being overrun with data.

In this example, the strlcat function is used to concatenate the second string stored in argv[2] to the end of the buffer string. The third argument to strlcat specifies the maximum number of characters to be copied from the source string. This value is calculated by subtracting the length of the buffer string from the size of the buffer array and then subtracting 1 to leave room for the null-terminator.
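An added example, not the page's own code, showing the vulnerable strcat pattern next to the bounded form described above; bounded_strlcat is an assumed portable reimplementation of strlcat with the OpenBSD semantics (used because not every libc ships strlcat), and BUF_SIZE is an assumed destination size.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* assumed size of the destination array */

/* Assumed portable reimplementation of strlcat() with the OpenBSD semantics,
 * here because strlcat() is not shipped by every libc. Appends src to dst
 * without ever writing past dsize bytes, always NUL-terminates when dsize > 0,
 * and returns strlen(dst) + strlen(src): a result >= dsize means truncation. */
static size_t bounded_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0;
    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    size_t slen = strlen(src);
    if (dlen == dsize)              /* no terminator inside dsize: append nothing */
        return dsize + slen;
    size_t room = dsize - dlen - 1; /* bytes left for src, minus the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Vulnerable pattern: strcat() does not know how large buffer is and keeps
 * writing until src's NUL, so input longer than the remaining room overruns it. */
static void unsafe_append(char buffer[BUF_SIZE], const char *second)
{
    strcat(buffer, second);
}

/* Hardened pattern: the append is bounded by the array's total size.
 * Returns true when the input did not fit and was truncated. */
static bool safe_append(char buffer[BUF_SIZE], const char *second)
{
    return bounded_strlcat(buffer, second, BUF_SIZE) >= BUF_SIZE;
}

int main(int argc, char **argv)
{
    char buffer[BUF_SIZE] = "hello ";
    /* As on the page, the second string comes from argv[2] when one is given. */
    const char *second = argc > 2 ? argv[2] : "world";
    if (safe_append(buffer, second))
        fprintf(stderr, "warning: input truncated to fit %d bytes\n", BUF_SIZE);
    printf("%s\n", buffer);
    return 0;
}
```

Note that strlcat's third argument is the total size of the destination array, so the example passes BUF_SIZE; the "size minus current length minus 1" formula described above is the strncat convention and also stays in bounds, but truncates earlier than necessary.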