It requires far less time to convert a strcpy() to a strncpy() than it
does to backtrack through the code to determine if that same strcpy() is exploitable. The
use of strcpy() and similar functions does not by itself make a program exploitable.
NOTE The strcpy() function is dangerous because it copies data into a
destination buffer without any regard for the size of the buffer and therefore
may overflow the buffer. One of the inputs to the strncpy() function is the
maximum number of characters to be copied into the destination buffer.
Programmers who understand the details of strcpy() will often conduct testing to
validate any parameters that will be passed to such functions. Programmers who do not
understand the details of these exploitable functions often make assumptions about the
format or structure of input data. While changing strcpy() to strncpy() may prevent a
buffer overflow, it also has the potential to truncate data, which may have other consequences
later in the application.
CAUTION The strncpy() function can still prove dangerous. Nothing
prevents the caller from passing an incorrect length for the destination buffer,
and under certain circumstances, the destination string may not be properly
terminated with a null character.
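The two failure modes described above, a strncpy() result that is left without a terminating null and a silently truncated copy, can both be checked in a few lines. The following program is an added example written for this section; it is not code from the book. The copy_bounded() helper and the demo_buf buffer are hypothetical names chosen here, and the input strings are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed destination buffer shared by the demonstrations below. */
char demo_buf[8];

/* Copies src into dst with a plain strncpy() and reports whether the result is
 * null-terminated anywhere inside dst. When strlen(src) >= dstsize, strncpy()
 * fills the whole buffer and writes no terminator, which is the case the
 * CAUTION above warns about. The buffer is pre-filled with 'X' so a missing
 * terminator is not masked by leftover zeros. Returns 1 if terminated, else 0. */
int strncpy_is_terminated(char *dst, size_t dstsize, const char *src)
{
    memset(dst, 'X', dstsize);
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) != NULL;
}

/* Bounded copy that always leaves dst null-terminated and tells the caller
 * whether anything was dropped. Returns 1 when src had to be truncated to
 * fit, 0 when it was copied whole, so the caller can decide whether a
 * truncated value is acceptable instead of discovering it later. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return 1;                       /* nothing can be stored; report as truncated */
    size_t n = strlen(src);
    if (n >= dstsize) {
        memcpy(dst, src, dstsize - 1);  /* keep as much as fits */
        dst[dstsize - 1] = '\0';        /* terminator is always written */
        return 1;
    }
    memcpy(dst, src, n + 1);            /* includes the source's own terminator */
    return 0;
}

int main(void)
{
    const char *fits = "abc";           /* constructed: shorter than the buffer */
    const char *too_long = "0123456789";/* constructed: longer than the buffer */

    printf("strncpy terminated (short input):  %d\n",
           strncpy_is_terminated(demo_buf, sizeof demo_buf, fits));
    printf("strncpy terminated (long input):   %d\n",
           strncpy_is_terminated(demo_buf, sizeof demo_buf, too_long));

    int truncated = copy_bounded(demo_buf, sizeof demo_buf, too_long);
    printf("copy_bounded truncated=%d result=\"%s\"\n", truncated, demo_buf);
    return 0;
}
```

Run it and the second strncpy() line reports 0: the eight-byte buffer holds "01234567" with no terminator, so any later strlen() or printf("%s") on it reads past the end. copy_bounded() returns the truncation flag explicitly, which is the information a caller needs before deciding that a shortened value is safe to use.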