c.lang.security.insecure-use-strcat-fn.insecure-use-strcat-fn

Community Favorite
Author: returntocorp
Download count: 46,010

This finding triggers whenever strcat or strncat is used. This is an issue because strcat and strncat can lead to buffer-overflow vulnerabilities. Fix this by using strcat_s instead.


Definition

rules:
  - id: insecure-use-strcat-fn
    pattern-either:
      - pattern: strcat(...)
      - pattern: strncat(...)
    message: Finding triggers whenever there is a strcat or strncat used. This is an
      issue because strcat or strncat can lead to buffer overflow vulns. Fix
      this by using strcat_s instead.
    metadata:
      cwe:
        - "CWE-676: Use of Potentially Dangerous Function"
      references:
        - https://nvd.nist.gov/vuln/detail/CVE-2019-12553
        - https://techblog.mediaservice.net/2020/04/cve-2020-2851-stack-based-buffer-overflow-in-cde-libdtsvc/
      category: security
      technology:
        - c
      confidence: LOW
      subcategory:
        - audit
      likelihood: LOW
      impact: HIGH
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    languages:
      - c
    severity: WARNING

Examples

insecure-use-strcat-fn.c

#include <stdio.h>
#include <stddef.h>
#include <string.h>

int DST_BUFFER_SIZE = 120;

// Appends src to dst. The length check does not stop the rule from firing:
// both strcat and strncat are flagged purely by their presence.
int bad_strcpy(char *dst, const char *src) {
    size_t n = DST_BUFFER_SIZE;
    if ((dst != NULL) && (src != NULL) && (strlen(dst)+strlen(src)+1 <= n))
    {
        // ruleid: insecure-use-strcat-fn
        strcat(dst, src);

        // ruleid: insecure-use-strcat-fn
        strncat(dst, src, 100);
    }
    return 0;
}

int main() {
   printf("Hello, World!");
   return 0;
}
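The rule's suggested replacement, strcat_s, is an optional C11 Annex K function that glibc does not ship, so a portable fix is usually a small bounds-checked append. The following is an added example, not part of the Semgrep rule or its test file: it derives the count passed to strncat from the destination's real capacity (a hard-coded count such as the 100 in the test file bounds only how much of src is read, not whether dst has room), refuses the append when the result would not fit, and rejects a destination that is not NUL-terminated within its declared size. The helper names safe_append and demo_appends are this example's own.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Append src to the NUL-terminated string in dst, whose total capacity is
 * dst_size bytes. Returns 1 on success and 0 (leaving dst untouched) if the
 * result would not fit or dst is malformed. Hypothetical helper for this example. */
int safe_append(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return 0;
    /* Bounded scan: memchr never reads past dst_size, unlike strlen on an
     * unterminated buffer. */
    const char *nul = memchr(dst, '\0', dst_size);
    if (nul == NULL)                 /* no terminator inside the buffer */
        return 0;
    size_t used = (size_t)(nul - dst);
    size_t room = dst_size - used;   /* bytes left, including the NUL slot */
    size_t need = strlen(src);
    if (need >= room)                /* need + 1 byte for the NUL must fit */
        return 0;
    /* The count is the remaining capacity minus the terminator, computed
     * from dst_size rather than a constant. */
    strncat(dst + used, src, room - 1);
    return 1;
}

/* Drive the helper on a constructed buffer and return how many appends
 * succeeded, so the behaviour is checkable without inspecting output. */
int demo_appends(char *buf, size_t buf_size) {
    int successes = 0;
    if (buf_size == 0)
        return 0;
    buf[0] = '\0';
    successes += safe_append(buf, buf_size, "Hello, ");  /* 7 chars, fits  */
    successes += safe_append(buf, buf_size, "World!");   /* 13 + NUL, fits */
    successes += safe_append(buf, buf_size, " overflow"); /* rejected       */
    return successes;
}

int main(void) {
    char buf[16];                    /* constructed 16-byte destination */
    int ok = demo_appends(buf, sizeof buf);
    printf("%d appends succeeded, buffer = \"%s\"\n", ok, buf);
    return 0;
}
```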