Resolve vulnerability: Insecure string processing function (strcpy)
AI GENERATED PATCH
The suggested code changes were generated by GitLab Duo Vulnerability Resolution, an AI feature. Use this feature with caution. Before you apply the code changes, carefully review and test them, to ensure that they solve the vulnerability, don't harm the functional behavior of your application or introduce new vulnerabilities.
The large language model that generated the suggested code changes was only provided with the affected lines of code, and the vulnerability in that code. It is not aware of any functionality outside of this context.
Please see our documentation for more information about this feature. We'd love to hear your feedback so we can improve on this feature as we work to bring it to general availability.
Description:
The strcpy
family of functions do not provide the ability to limit or check buffer
sizes before copying to a destination buffer. This can lead to buffer overflows. Consider
using more secure alternatives such as strncpy
and provide the correct limit to the
destination buffer and ensure the string is null terminated.
For more information please see: https://linux.die.net/man/3/strncpy
If developing for C Runtime Library (CRT), more secure versions of these functions should be used, see: https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-l?view=msvc-170
- Severity: critical
- Confidence: unknown
- Location: src/mem.c:24
Identifiers:
- A1:2017 - Injection
- CWE-120
- Flawfinder - strcpy
- A03:2021 - Injection
- flawfinder.strcpy-1