Home > C/C++ > string functions and buffer overflow

string functions and buffer overflow

strcpy(), strcat() and strcmp() are some really useful functions from standard C library and I have seen people using them quite a lot but something that needs to be taken care of is that at time they can end up in a buffer overflow condition.

They are dangerous because if the string to be copied or for concatenation is too long to fit in the destination buffer, it will overwrite adjacent memory, invoking undefined behavior. This can at times even result in a segmentation fault if the above mentioned scenario does happen, and a good hacker can actually use this buffer overflow to break into a system.

A good solution to that is using length checking version of string functions from standard C library like strncat(), strncpy() and strncmp().

Shoaib Mir

Categories: C/C++ Tags: , , , ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: