string functions and buffer overflow

strcpy(), strcat() and strcmp() are some really useful functions from standard C library and I have seen people using them quite a lot but something that needs to be taken care of is that at time they can end up in a buffer overflow condition.

They are dangerous because if the string to be copied or for concatenation is too long to fit in the destination buffer, it will overwrite adjacent memory, invoking undefined behavior. This can at times even result in a segmentation fault if the above mentioned scenario does happen, and a good hacker can actually use this buffer overflow to break into a system.

A good solution to that is using length checking version of string functions from standard C library like strncat(), strncpy() and strncmp().

Shoaib Mir
shoaibmir[@]gmail.com