author | chris <chris@FreeBSD.org> | 2002-01-05 20:44:34 +0000 |
---|---|---|
committer | chris <chris@FreeBSD.org> | 2002-01-05 20:44:34 +0000 |
commit | 49c162fb20e21d3e903258dc958186dcda58b674 (patch) | |
tree | 4a608b1e5f757ed78acb7d97587e17ba72bc068e /lib/libc/string/strcat.3 | |
parent | fe1ce55be7ab2b07718a810dc728e69a7e426c81 (diff) | |
Add a new `SECURITY CONSIDERATIONS' section. Sample code similar to
the first revision of strcpy(3)'s section is included, but should be
removed as the Security Architecture document is committed and
completed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'lib/libc/string/strcat.3')
-rw-r--r-- | lib/libc/string/strcat.3 | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/lib/libc/string/strcat.3 b/lib/libc/string/strcat.3
index a24a60c..3f24565 100644
--- a/lib/libc/string/strcat.3
+++ b/lib/libc/string/strcat.3
@@ -83,6 +83,65 @@ and
 functions
 return the pointer
 .Fa s .
+.Sh SECURITY CONSIDERATIONS
+The
+.Fn strcat
+function is easily misused in a manner
+which enables malicious users to arbitrarily change
+a running program's functionality through a buffer overflow attack.
+(See
+the FSA.)
+.Pp
+Avoid using
+.Fn strcat .
+Instead, use
+.Fn strncat
+or
+.Fn strlcat
+and ensure that no more characters are copied to the destination buffer
+than it can hold.
+.Pp
+Note that
+.Fn strncat
+can also be problematic.
+It may be a security concern for a string to be truncated at all.
+Since the truncated string will not be as long as the original,
+it may refer to a completely different resource
+and usage of the truncated resource
+could result in very incorrect behavior.
+Example:
+.Bd -literal
+void
+foo(const char *arbitrary_string)
+{
+ char onstack[8];
+
+#if defined(BAD)
+ /*
+ * This first strcat is bad behavior. Do not use strcat!
+ */
+ (void)strcat(onstack, arbitrary_string); /* BAD! */
+#elif defined(BETTER)
+ /*
+ * The following two lines demonstrate better use of
+ * strncat().
+ */
+ (void)strncat(onstack, arbitrary_string,
+ sizeof(onstack) - strlen(onstack) - 1);
+#elif defined(BEST)
+ /*
+ * These lines are even more robust due to testing for
+ * truncation.
+ */
+ if (strlen(arbitrary_string) + 1 >
+ sizeof(onstack) - strlen(onstack))
+ err(1, "onstack would be truncated");
+ (void)strncat(onstack, arbitrary_string,
+ sizeof(onstack) - strlen(onstack) - 1);
+#endif
+}
+
+.Ed
 .Sh SEE ALSO
 .Xr bcopy 3 ,
 .Xr memccpy 3 ,
@@ -91,6 +150,10 @@ return the pointer
 .Xr strcpy 3 ,
 .Xr strlcat 3 ,
 .Xr strlcpy 3
+.Rs
+.%T "The FreeBSD Security Architecture"
+.%J "/usr/share/doc/{to be decided}"
+.Re
 .Sh STANDARDS
 The
 .Fn strcat
|
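Review bot: The sample's `char onstack[8];` in the first hunk is left uninitialized, so all three branches — `strcat`, `strncat`, and the `strlen(onstack)` calls in the BETTER and BEST size computations — scan an indeterminate buffer for a terminator before anything is appended, which is undefined behaviour and can overrun the array regardless of how long `arbitrary_string` is. Declaring it as `char onstack[8] = "";` keeps the example focused on the overflow and truncation cases the section describes. The prose also recommends `strlcat`, yet the example never shows it; a branch that checks `strlcat(onstack, arbitrary_string, sizeof(onstack)) >= sizeof(onstack)` would illustrate truncation detection without the manual length arithmetic.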