Manual Pages for UNIX Darwin command on man strcat
MyWebUniversity

Manual Pages for UNIX Darwin command on man strcat

STRCAT(3) BSD Library Functions Manual STRCAT(3)



NAME
     ssttrrccaatt - concatenate strings


LLIIBBRRAARRYY

     Standard C Library (libc, -lc)



SYNOPSIS
     ##iinncclluuddee <>


     char *
     ssttrrccaatt(char * restrict s, const char * restrict append);

     char *
     ssttrrnnccaatt(char * restrict s, const char * restrict append, sizet count);


DESCRIPTION
     The ssttrrccaatt() and ssttrrnnccaatt() functions append a copy of the null-terminated

     string append to the end of the null-terminated string s, then add a ter-

     minating `\0'.  The string s must have sufficient space to hold the
     result.

     The ssttrrnnccaatt() function appends not more than count characters from
     append, and then adds a terminating `\0'.


RETURN VALUES
     The ssttrrccaatt() and ssttrrnnccaatt() functions return the pointer s.

SSEECCUURRIITTYY CCOONNSSIIDDEERRAATTIIOONNSS

     The ssttrrccaatt() function is easily misused in a manner which enables mali-

     cious users to arbitrarily change a running program's functionality
     through a buffer overflow attack.  (See the FSA.)

     Avoid using ssttrrccaatt().  Instead, use ssttrrnnccaatt() or ssttrrllccaatt() and ensure
     that no more characters are copied to the destination buffer than it can
     hold.


     Note that ssttrrnnccaatt() can also be problematic.  It may be a security con-

     cern for a string to be truncated at all.  Since the truncated string

     will not be as long as the original, it may refer to a completely differ-

     ent resource and usage of the truncated resource could result in very
     incorrect behavior.  Example:

     void
     foo(const char *arbitrarystring)
     {
             char onstack[8] = "";


     #if defined(BAD)

             /*

              * This first strcat is bad behavior.  Do not use strcat!

              */

             (void)strcat(onstack, arbitrarystring);        /* BAD! */

     #elif defined(BETTER)

             /*
              * The following two lines demonstrate better use of
              * strncat().
              */
             (void)strncat(onstack, arbitrarystring,

                 sizeof(onstack) - strlen(onstack) - 1);

     #elif defined(BEST)

             /*
              * These lines are even more robust due to testing for
              * truncation.
              */
             if (strlen(arbitrarystring) + 1 >

                 sizeof(onstack) - strlen(onstack))

                     err(1, "onstack would be truncated");
             (void)strncat(onstack, arbitrarystring,

                 sizeof(onstack) - strlen(onstack) - 1);

     #endif

     }


SEE ALSO
     bcopy(3), memccpy(3), memcpy(3), memmove(3), strcpy(3), strlcat(3),
     strlcpy(3)

STANDARDS     The ssttrrccaatt() and ssttrrnnccaatt() functions conform to ISO/IEC 9899:1990
     (``ISO C90'').

BSD                              June 4, 1993                              BSD



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™