Linux buffer overflow vulnerability. Why strcpy() is a bad idea in C.

Posted: March 9, 2011. At: 10:27 AM.

There has been a story floating around the Internet that Linux was vulnerable to a buffer overflow when a USB device with a name longer than 80 characters was plugged in. They were using strcpy(3) to receive the data string containing the name of the device, but that is vulnerable to attack. It is better to use strncpy(3), like this:

char * strncpy ( char * destination, const char * source, size_t num );

Then the num value is a buffer size and you can use:

#define num 80

at the top of the source file and then it will only allow up to 80 characters of input. The fix in the Linux kernel uses strlcpy(), but this is the same thing anyway and offers the same functionality. Using strcpy() these days is asking for trouble and should be avoided; it is best to learn better programming practice before deploying your code.
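The termination behaviour of strncpy() next to a strlcpy()-style copy, as an added example that is not from the original post or the kernel source. strncpy() writes no terminating NUL when the source is at least as long as the bound, while strlcpy() always terminates and returns the source length; `NAME_BUF_SIZE`, `strncpy_terminated` and `copy_name` are hypothetical names, and the 100-character device name is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 80   /* the 80-byte limit from the post; macro name is hypothetical */

/* Returns 1 if strncpy() left a NUL inside the destination, 0 if not.
 * The buffer is pre-filled with non-zero bytes so a missing NUL is visible. */
int strncpy_terminated(const char *src)
{
    char dst[NAME_BUF_SIZE];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* strlcpy()-style copy (hypothetical helper, not the kernel's code): copies
 * at most size-1 bytes, always terminates, and returns strlen(src) so the
 * caller can detect truncation with `ret >= size`. */
size_t copy_name(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    char longname[101];               /* constructed 100-character device name */
    memset(longname, 'A', 100);
    longname[100] = '\0';

    printf("strncpy terminated (short name): %d\n", strncpy_terminated("usb-stick"));
    printf("strncpy terminated (long name):  %d\n", strncpy_terminated(longname));

    size_t want = copy_name(name, sizeof name, longname);
    printf("kept %zu of %zu bytes, truncated: %d\n",
           strlen(name), want, want >= sizeof name);
    return 0;
}
```

With plain strncpy(), the usual remedy is to copy at most `sizeof dst - 1` bytes and set the last byte to `'\0'` explicitly.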
