
strcpy() buffer overflow (unbounded function) in C

basileusapoleiaoff

HDD-drive
User
Registered: 02.08.2023
Messages: 40
Reactions: 21
Hello xss forum, today for devs I'm going to explain why you should avoid strcpy.

So, the strcpy command is one of the most dangerous functions used in C. The format looks like this:


C:
// Prototype of strcpy() as declared in <string.h>; the names are placeholders
char *strcpy(char *destination, const char *source);

The purpose of this command is to copy each character in the source string into the destination string. This is particularly dangerous because there is no checking of the source size before it is copied to the destination. This is called overwriting a memory location. To keep it simple, when the source is larger than the space allocated for the destination, an overflow condition is likely present, which results in control of program execution. A "safer" alternative is the strncpy command:

C:
// Prototype of strncpy() as declared in <string.h>; the names are placeholders
char *strncpy(char *destination, const char *source, size_t width);

The <width> field is used to ensure that only a certain number of characters are copied from the source string to the destination string. The width parameter should be based on the size of the destination, such as an allocated buffer.

Keep in mind that even bounded functions can suffer from incorrect buffer size calculations. BTW keep using it if you want, more vulnerabilities to exploit for me :D
 
Lots of code has had problems using strcpy(), but the function itself is not the problem; the parameters and behavior of the function are well documented. Quoting the man page on Linux:

Code:
DESCRIPTION
       stpcpy()
       strcpy()
              These  functions  copy  the  string  pointed to by src, into a string at the buffer pointed to by dst.  The programmer is responsible for allocating a destination buffer large
              enough, that is, strlen(src) + 1.  For the difference between the two functions, see RETURN VALUE.

Strings should be null-terminated, and if the programmer just follows the documentation he will avoid the problems; when the code is inside a function or block which has already validated the inputs, it's safe to use strcpy.
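Both posts above can be checked in a few lines of C. The example below is added here and is not code from either poster: `strncpy_terminated`, `copy_truncate` and `copy_checked` are helper names chosen for this illustration, and the `struct record` is a constructed sample layout. It shows the caveat from the first post (passing the destination size straight to strncpy() silently drops the terminator when the source fills the buffer) and the point from the second post (strcpy() is fine once the length has been validated against the destination size).

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample layout: a fixed-size name next to a privilege flag.
 * The copy helpers always take sizeof(name) as the destination size. */
struct record {
    char name[16];
    int  admin;
};

/* Copies src into dst with strncpy(dst, src, dstsize), exactly the
 * "width = buffer size" pattern from the first post, and reports whether
 * the result is still NUL-terminated. Returns 1 if terminated, 0 if not. */
int strncpy_terminated(char *dst, size_t dstsize, const char *src) {
    memset(dst, 'X', dstsize);            /* marker: show what strncpy wrote */
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) != NULL;
}

/* Bounded copy that always terminates: copy at most dstsize-1 bytes and
 * write the NUL ourselves. Longer input is silently truncated. */
void copy_truncate(char *dst, size_t dstsize, const char *src) {
    if (dstsize == 0)
        return;
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
}

/* Validate first, then strcpy(): the second post's approach. The caller
 * passes the real destination size; strlen(src) + 1 must fit, as the man
 * page requires. Returns 0 on success, -1 if the input would not fit
 * (the copy is refused rather than truncated). */
int copy_checked(char *dst, size_t dstsize, const char *src) {
    size_t needed = strlen(src) + 1;      /* characters plus the NUL */
    if (needed > dstsize)
        return -1;
    strcpy(dst, src);                     /* safe: length already validated */
    return 0;
}

int main(void) {
    char buf[8];

    /* 8-byte buffer, 8-byte source: strncpy fills it and writes no NUL. */
    printf("\"short\"    terminated: %d\n", strncpy_terminated(buf, sizeof buf, "short"));
    printf("\"exactly8\" terminated: %d\n", strncpy_terminated(buf, sizeof buf, "exactly8"));

    copy_truncate(buf, sizeof buf, "exactly8");
    printf("copy_truncate -> \"%s\"\n", buf);

    struct record r = { "", 0 };
    printf("copy_checked(short)  -> %d\n", copy_checked(r.name, sizeof r.name, "alice"));
    printf("copy_checked(too long) -> %d, admin still %d\n",
           copy_checked(r.name, sizeof r.name, "this name is far too long"), r.admin);
    return 0;
}
```

The pattern to look for in review is any `strncpy(dst, src, sizeof dst)` followed by code that treats `dst` as a C string: it is bounded, as the first post says, yet still reads past the buffer when the source is long enough. Either terminate explicitly, as `copy_truncate` does, or validate the length and then use the unbounded call, as `copy_checked` does.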