Checkers: SV.UNBOUND_STRING_INPUT.FUNC
Buffer overflow from unbounded string copy
A string copy function copies a sequence of characters into a buffer in memory. Like strcpy(), the functions this checker reports take no argument that limits how many bytes they write, so input longer than the destination buffer overflows it.
The SV.UNBOUND_STRING_INPUT.FUNC checker reports calls to insecure string input functions that take no buffer-size argument, such as gets(), gettext(), or catgets().
Vulnerability and risk
If such a function is called with no size parameter, a buffer overrun can result. This can lead to application instability or, with carefully constructed input, to code execution or other vulnerabilities.
For information on vulnerability and risk in buffer overflows, see Understanding buffer overflows.
Mitigation and prevention
To avoid this vulnerability:
- use functions that take the buffer size as a parameter, such as fgets() instead of gets(), and check whether the input was truncated
- on Windows, use the StrSafe String*Gets functions, such as StringCchGets(), or Safe CRT functions such as gets_s()
- use strlen() (or the source's known length) to determine how much space a copy needs, including the null terminator, and compare it against the destination size before copying
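The pattern the checker flags beside a bounded replacement, as an added example that is not part of the Klocwork documentation or the checker's own sample code. The function names read_line_bounded() and copy_checked(), the tmpfile()-based stream helper and the sample input are assumptions made for illustration; the input is constructed, not captured. The example handles the two cases a plain fgets() call gets wrong: a line that is exactly as long as the buffer allows (not truncated, only its newline did not fit) and an oversized line whose leftover bytes must be drained so they are not read as the next line.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>

enum read_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = 2 };

/*
 * The flagged pattern, kept as a comment because C11 removed gets():
 *
 *     char name[16];
 *     gets(name);   // no size argument: 16 or more input bytes overwrite the stack
 *
 * read_line_bounded() is the fgets()-based replacement. It writes at most
 * size-1 bytes, always NUL-terminates, strips the trailing newline and tells
 * the caller whether the line fit. Bytes that did not fit are consumed and
 * discarded so they cannot be misread as the following line.
 */
static enum read_status read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size < 2) {                     /* nothing useful fits in fewer than 2 bytes */
        if (size) buf[0] = '\0';
        return LINE_TRUNCATED;
    }
    int limit = size > INT_MAX ? INT_MAX : (int)size;   /* fgets() takes an int */
    if (fgets(buf, limit, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in the buffer: the content filled it, or the stream ended. */
    int c = getc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;                 /* content fit; only the newline (if any) did not */
    do c = getc(in); while (c != '\n' && c != EOF);   /* drain the oversized line */
    return LINE_TRUNCATED;
}

/*
 * strcpy() replacement for the "use strlen() to size the copy" advice:
 * measure first, copy only if the string plus terminator fits.
 * Returns 0 on success, -1 when dst is too small (dst is left untouched).
 */
static int copy_checked(char *dst, size_t dst_size, const char *src)
{
    size_t need = strlen(src) + 1;
    if (need > dst_size)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

/* Constructed sample input (not a real capture): a short line, a line longer
   than the 16-byte buffer, and a final line without a newline. */
static const char SAMPLE_INPUT[] =
    "alice\n"
    "this-name-is-way-too-long-for-the-buffer\n"
    "bob";

/* Turns a string into a readable FILE* using only ISO C (tmpfile + rewind). */
static FILE *open_sample(const char *text)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

/* Reads one line of text into a size-byte buffer and compares the outcome with
   what the caller expects. Returns 1 on a match, 0 otherwise. */
static int check_line(const char *text, size_t size, const char *expect, enum read_status want)
{
    char buf[64];
    if (size > sizeof buf) return 0;
    FILE *in = open_sample(text);
    if (!in) return 0;
    enum read_status got = read_line_bounded(in, buf, size);
    fclose(in);
    return got == want && strcmp(buf, expect) == 0;
}

/* Reads SAMPLE_INPUT through a 16-byte buffer line by line; 1 if every read
   behaved as expected: OK, TRUNCATED (content cut at 15 bytes), OK, EOF. */
static int sequence_ok(void)
{
    char buf[16];
    FILE *in = open_sample(SAMPLE_INPUT);
    if (!in) return 0;
    int ok = 1;
    ok &= read_line_bounded(in, buf, sizeof buf) == LINE_OK && strcmp(buf, "alice") == 0;
    ok &= read_line_bounded(in, buf, sizeof buf) == LINE_TRUNCATED && strcmp(buf, "this-name-is-wa") == 0;
    ok &= read_line_bounded(in, buf, sizeof buf) == LINE_OK && strcmp(buf, "bob") == 0;
    ok &= read_line_bounded(in, buf, sizeof buf) == LINE_EOF && buf[0] == '\0';
    fclose(in);
    return ok;
}

/* Copies src into a dst_size-byte buffer via copy_checked(); returns its result. */
static int copy_checked_into(size_t dst_size, const char *src)
{
    char dst[64];
    if (dst_size > sizeof dst) return -1;
    return copy_checked(dst, dst_size, src);
}

int main(void)
{
    printf("sequence: %s\n", sequence_ok() ? "ok" : "FAILED");
    printf("copy \"alice\" into 8 bytes: %d\n", copy_checked_into(8, "alice"));
    printf("copy \"this is too long\" into 8 bytes: %d\n", copy_checked_into(8, "this is too long"));
    return sequence_ok() ? 0 : 1;
}
```

A caller should treat LINE_TRUNCATED as a rejected input rather than silently continuing with the shortened string; the overflow is prevented either way, but a truncated user name or path is usually a logic bug of its own.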
External guidance
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-242: Use of Inherently Dangerous Function
- STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
- STR35-C: Do not copy data from an unbounded source to a fixed-length array
- STIG-ID: APP3590.2 Application is vulnerable to buffer overflows
- SDL Banned Function Calls