Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness
"Gray Hat Hacking, Second Edition"
However, bounds checking is not done with regard to string size, which may lead to problems (as discussed later in Chapter 7). strcpy/strncpy The strcpy command is probably the most dangerous command used in C. The format of the command is strcpy(, ); The purpose of the command is to copy each character in the source string (a series of characters ending with a null character: \0) into the destination string. This is particularly dangerous because there is no checking of the size of the source before it is copied over the destination. In reality, we are talking about overwriting memory locations here, Gray Hat Hacking: The Ethical Hacker??™s Handbook 124 \n Carriage return/new line printf(???test\n???); %d Decimal value printf(???test %d???, 123); %s String value printf(???test %s???, ???123???); %x Hex value printf(???test %x???, 0x123); Table 6-2 printf Format Symbols something which will be explained later. Suffice it to say, when the source is larger than the space allocated for the destination, bad things happen (buffer overflows). A much safer command is the strncpy command. The format of that command is strncpy(, , ); The width field is used to ensure that only a certain number of characters are copied from the source string to the destination string, allowing for greater control by the programmer.