snprintf vs strcat,

Discussion in 'C Programming' started by ajm, Jan 14, 2005.

  1. ajm

    ajm Guest

    Hi,

    I'm refactoring some HTTP client code I wrote a while back and in the
    process I'm tightening up some of my string processing code (most of
    which involves parsing, replacing, concatenating strings etc.).

    I'm reading that it is better to use str functions like "snprintf" and
    to avoid using "strcat" altogether since the former offers more explicit
    protection against buffer overflow etc. Is this sort of comment good
    advice ?

    My priorities are security, standards (ANSI C/POSIX) then performance.
    What say ye ?
    ajm.
    ajm, Jan 14, 2005
    #1

  2. CBFalconer

    CBFalconer Guest

    ajm wrote:
    >
    > I'm refactoring some HTTP client code I wrote a while back and in the
    > process I'm tightening up some of my string processing code (most of
    > which involves parsing, replacing, concatenating strings etc.).
    >
    > I'm reading that it is better to use str functions like "snprintf"
    > and to avoid using "strcat" altogether since the former offers more explicit
    > protection against buffer overflow etc. Is this sort of comment good
    > advice ?
    >
    > My priorities are security, standards (ANSI C/POSIX) then performance.
    > What say ye ?


    Look into using strlcpy and strlcat, which were proposed and I
    believe incorporated into BSD some time ago. They are much more
    friendly and less error prone. You can find a portable
    implementation and the associated justification and documentation
    at:

    <http://cbfalconer.home.att.net/download/strlcpy.zip>

    --
    "If you want to post a followup via groups.google.com, don't use
    the broken "Reply" link at the bottom of the article. Click on
    "show options" at the top of the article, then click on the
    "Reply" at the bottom of the article headers." - Keith Thompson
    CBFalconer, Jan 14, 2005
    #2

  3. In article <>, "ajm" <> writes:
    >
    > I'm refactoring some HTTP client code I wrote a while back and in the
    > process I'm tightening up some of my string processing code (most of
    > which involves parsing, replacing, concatenating strings etc.).
    >
    > I'm reading that it is better to use str functions like "snprintf" and
    > to avoid using "strcat" altogether since the former offers more explicit
    > protection against buffer overflow etc. Is this sort of comment good
    > advice ?


    You'll have to judge that for yourself, I'm afraid. Certainly the
    overflow-guarding functions provide an extra check that's not
    present in their non-guarding alternatives. However, people often
    use strncpy and strncat incorrectly, and since buffer overflow has
    to be handled somehow, some argue that you ought to find how long
    your source strings are *before* trying to copy them - which makes
    the additional guarding largely pointless.

    > My priorities are security, standards (ANSI C/POSIX) then performance.


    Personally, I generally use the guarded versions (strncpy, strncat,
    snprintf) in most cases. In some places overflow is handled by
    silent truncation, because the program specification allows that; in
    others the code has checked lengths already but uses the guarded
    versions anyway just to protect against present or future logic
    errors that might let an over-long parameter through. I'm not
    concerned about the performance penalty, which is likely to be
    negligible.

    If you're concerned about standards, though, note that snprintf was
    only added to the C standard in 1999, and that earlier versions of
    the POSIX (SUS, etc) standard were inferior (they didn't let snprintf
    distinguish between end-of-buffer and invalid-format conditions).
    The current Microsoft Visual C snprintf implementation is still
    broken this way, and some older Unix ones are as well (all of those
    from HP, IIRC).

    If your first priority is security - which I approve of - and you're
    going to use C,[1] then I would recommend using the guarded string-
    handling functions, or writing your own, or picking up someone else's
    (if it's compliant and after vetting it). But I'd also recommend
    thinking about how overflow should be handled, when silent truncation
    is appropriate, and when the application should do something else;
    and I'd recommend making explicit length checks where they seem
    appropriate and not just relying on the string-handling functions to
    do that for you.


    1. There's been a lengthy flamewar recently in sci.crypt over whether
    C is inherently bad for software security. I'm staying out of it,
    as I think all the useful arguments on both sides have already been
    aired.

    --
    Michael Wojcik

    Any average educated person can turn out competent verse. -- W. H. Auden
    Michael Wojcik, Jan 14, 2005
    #3
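An added example (not code from anyone in the thread) of the points made above: checking the C99 snprintf return value so that truncation and errors are distinguished rather than silently ignored, and using strncat with a computed remaining size instead of the buffer size, which is the misuse the answer refers to. The function and status names are assumed, and the HTTP request line is constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Status codes for the helpers below (assumed names, not from the thread). */
enum { APPEND_OK = 0, APPEND_TRUNCATED = 1, APPEND_ERROR = -1 };

/* Length of the string already in dst, or (size_t)-1 if no terminator lies
 * within dstsize; memchr is used so a bad buffer is never read past its end. */
static size_t used_len(const char *dst, size_t dstsize)
{
    const char *end = memchr(dst, '\0', dstsize);
    return end ? (size_t)(end - dst) : (size_t)-1;
}

/* Append src to dst (capacity dstsize) with snprintf and interpret the C99
 * return value: negative means an error, a value >= the remaining space means
 * the output was cut off (dst is still NUL-terminated in that case). */
int append_snprintf(char *dst, size_t dstsize, const char *src)
{
    size_t used = used_len(dst, dstsize);
    if (used == (size_t)-1)
        return APPEND_ERROR;
    int n = snprintf(dst + used, dstsize - used, "%s", src);
    if (n < 0)
        return APPEND_ERROR;
    return (size_t)n >= dstsize - used ? APPEND_TRUNCATED : APPEND_OK;
}

/* The same operation with strncat. Its third argument is the number of source
 * characters to append, not the buffer size, so the free room (minus one byte
 * for the terminator) has to be computed first. */
int append_strncat(char *dst, size_t dstsize, const char *src)
{
    size_t used = used_len(dst, dstsize);
    if (used == (size_t)-1)
        return APPEND_ERROR;
    size_t room = dstsize - used - 1;
    strncat(dst, src, room);
    return strlen(src) > room ? APPEND_TRUNCATED : APPEND_OK;
}

/* Build a constructed request line into a fixed buffer, stopping at the
 * first truncation instead of sending a silently shortened request. */
int build_request_line(char *buf, size_t bufsize, const char *path)
{
    const char *parts[] = { "GET ", path, " HTTP/1.1\r\n" };
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof parts / sizeof parts[0]; i++) {
        int rc = append_snprintf(buf, bufsize, parts[i]);
        if (rc != APPEND_OK)
            return rc;
    }
    return APPEND_OK;
}
```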
  4. ajm

    ajm Guest

    thx for the feedback - this pretty much confirms what I thought.....

    my idiom up to now has been to compute lengths + malloc, then
    do my string stuff (for the most part I use my own memory mgr
    for the former and have a few string wrappers/utils for the latter).

    I am aware of strlcpy and co. but these are not POSIX as far as
    I know (I write on *BSD but sometimes deploy onto Linux).

    thx,
    ajm.
    ajm, Jan 15, 2005
    #4