Message-Id: <20250216173927.712148-1-ant.v.moryakov@gmail.com>
Date: Sun, 16 Feb 2025 20:39:27 +0300
From: Anton Moryakov <ant.v.moryakov@...il.com>
To: musl@...ts.openwall.com
Cc: Anton Moryakov <ant.v.moryakov@...il.com>
Subject: [PATCH] src: string: Replace unsafe strcpy with strncat in strcat()
Static analyzer reported:
PROC_USE.VULNERABLE Use of vulnerable function 'strcpy' at strcat.c:5. This function is unsafe, use strncpy instead.
Corrections explained:
Replaced the vulnerable function strcpy with strncat in strcat()
to prevent potential buffer overflows.
Previous code:
strcpy(dest + strlen(dest), src);
New code:
strncat(dest, src, strlen(src));
This improves security but does not guarantee full buffer safety.
For complete protection, dest_size should be explicitly checked.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com>
---
src/string/strcat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/string/strcat.c b/src/string/strcat.c
index 33f749b1..d341facf 100644
--- a/src/string/strcat.c
+++ b/src/string/strcat.c
@@ -2,6 +2,6 @@
char *strcat(char *restrict dest, const char *restrict src)
{
- strcpy(dest + strlen(dest), src);
+ strncat(dest, src, strlen(src));
return dest;
}
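Review bot: the bound on the added line `strncat(dest, src, strlen(src));` is the length of the source, not the space left in `dest`, so it can never truncate and no overflow is prevented. strncat appends at most n bytes and then a terminating NUL; with n equal to strlen(src), that is the same strlen(src) + 1 bytes, written at the same offset, that `strcpy(dest + strlen(dest), src);` wrote. The only behavioural difference is an extra pass over `src` to compute the length. The signature in the context line, `char *strcat(char *restrict dest, const char *restrict src)`, carries no destination size, so the function has nothing to check against; the bound has to be enforced by the caller. I would drop this change and treat the analyzer finding as a false positive for the library's own implementation of strcat, or suppress it at this site with a comment explaining why.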
--
2.30.2