[apple/libc.git] / string / FreeBSD / strcat.3

.\" Copyright (c) 1990, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" Chris Torek and the American National Standards Committee X3,
.\" on Information Processing Systems.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)strcat.3	8.1 (Berkeley) 6/4/93
.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.13 2002/09/06 11:24:06 tjr Exp $
.\"
.Dd June 4, 1993
.Dt STRCAT 3
.Os
.Sh NAME
.Nm strcat
.Nd concatenate strings
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In string.h
.Ft char *
.Fn strcat "char * restrict s" "const char * restrict append"
.Ft char *
.Fn strncat "char * restrict s" "const char * restrict append" "size_t count"
.Sh DESCRIPTION
The
.Fn strcat
and
.Fn strncat
functions
append a copy of the null-terminated string
.Fa append
to the end of the null-terminated string
.Fa s ,
then add a terminating
.Ql \e0 .
The string
.Fa s
must have sufficient space to hold the result.
.Pp
The
.Fn strncat
function
appends not more than
.Fa count
characters from
.Fa append ,
and then adds a terminating
.Ql \e0 .
.Sh RETURN VALUES
The
.Fn strcat
and
.Fn strncat
functions
return the pointer
.Fa s .
.Sh SECURITY CONSIDERATIONS
The
.Fn strcat
function is easily misused in a manner
which enables malicious users to arbitrarily change
a running program's functionality through a buffer overflow attack.
(See
the FSA.)
.Pp
Avoid using
.Fn strcat .
Instead, use
.Fn strncat
or
.Fn strlcat
and ensure that no more characters are copied to the destination buffer
than it can hold.
.Pp
Note that
.Fn strncat
can also be problematic.
It may be a security concern for a string to be truncated at all.
Since the truncated string will not be as long as the original,
it may refer to a completely different resource
and usage of the truncated resource
could result in very incorrect behavior.
Example:
.Bd -literal
void
foo(const char *arbitrary_string)
{
	char onstack[8];

#if defined(BAD)
	/*
	 * This first strcat is bad behavior.  Do not use strcat!
	 */
	(void)strcat(onstack, arbitrary_string);	/* BAD! */
#elif defined(BETTER)
	/*
	 * The following two lines demonstrate better use of
	 * strncat().
	 */
	(void)strncat(onstack, arbitrary_string,
	    sizeof(onstack) - strlen(onstack) - 1);
#elif defined(BEST)
	/*
	 * These lines are even more robust due to testing for
	 * truncation.
	 */
	if (strlen(arbitrary_string) + 1 >
	    sizeof(onstack) - strlen(onstack))
		err(1, "onstack would be truncated");
	(void)strncat(onstack, arbitrary_string,
	    sizeof(onstack) - strlen(onstack) - 1);
#endif
}
.Ed
.Sh SEE ALSO
.Xr bcopy 3 ,
.Xr memccpy 3 ,
.Xr memcpy 3 ,
.Xr memmove 3 ,
.Xr strcpy 3 ,
.Xr strlcat 3 ,
.Xr strlcpy 3
.Rs
.%T "The FreeBSD Security Architecture"
.Re
(See
.Pa "/usr/share/doc/{to be decided}" . )
.Sh STANDARDS
The
.Fn strcat
and
.Fn strncat
functions
conform to
.St -isoC .
Commit	Line	Data
5b2abdfb	1	.\" Copyright (c) 1990, 1991, 1993
e9ce8d39 A	2	.\" The Regents of the University of California. All rights reserved.
e9ce8d39 A	3	.\"
5b2abdfb A	4	.\" This code is derived from software contributed to Berkeley by
	5	.\" Chris Torek and the American National Standards Committee X3,
	6	.\" on Information Processing Systems.
	7	.\"
e9ce8d39 A	8	.\" Redistribution and use in source and binary forms, with or without
	9	.\" modification, are permitted provided that the following conditions
	10	.\" are met:
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\" 2. Redistributions in binary form must reproduce the above copyright
	14	.\" notice, this list of conditions and the following disclaimer in the
	15	.\" documentation and/or other materials provided with the distribution.
	16	.\" 3. All advertising materials mentioning features or use of this software
	17	.\" must display the following acknowledgement:
	18	.\" This product includes software developed by the University of
	19	.\" California, Berkeley and its contributors.
	20	.\" 4. Neither the name of the University nor the names of its contributors
	21	.\" may be used to endorse or promote products derived from this software
	22	.\" without specific prior written permission.
	23	.\"
	24	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	25	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	26	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	27	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	28	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	29	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	30	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	31	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	32	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	33	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	34	.\" SUCH DAMAGE.
	35	.\"
5b2abdfb	36	.\" @(#)strcat.3 8.1 (Berkeley) 6/4/93
9385eb3d	37	.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.13 2002/09/06 11:24:06 tjr Exp $
e9ce8d39	38	.\"
5b2abdfb A	39	.Dd June 4, 1993
5b2abdfb A	40	.Dt STRCAT 3
e9ce8d39 A	41	.Os
e9ce8d39 A	42	.Sh NAME
5b2abdfb A	43	.Nm strcat
5b2abdfb A	44	.Nd concatenate strings
e9ce8d39 A	45	.Sh LIBRARY
	46	.Lb libc
	47	.Sh SYNOPSIS
5b2abdfb A	48	.In string.h
5b2abdfb A	49	.Ft char *
9385eb3d	50	.Fn strcat "char * restrict s" "const char * restrict append"
5b2abdfb	51	.Ft char *
9385eb3d	52	.Fn strncat "char * restrict s" "const char * restrict append" "size_t count"
e9ce8d39 A	53	.Sh DESCRIPTION
e9ce8d39 A	54	The
5b2abdfb	55	.Fn strcat
e9ce8d39	56	and
5b2abdfb A	57	.Fn strncat
	58	functions
	59	append a copy of the null-terminated string
	60	.Fa append
	61	to the end of the null-terminated string
	62	.Fa s ,
	63	then add a terminating
	64	.Ql \e0 .
	65	The string
	66	.Fa s
	67	must have sufficient space to hold the result.
	68	.Pp
e9ce8d39	69	The
5b2abdfb A	70	.Fn strncat
	71	function
	72	appends not more than
	73	.Fa count
	74	characters from
	75	.Fa append ,
	76	and then adds a terminating
	77	.Ql \e0 .
e9ce8d39	78	.Sh RETURN VALUES
5b2abdfb A	79	The
	80	.Fn strcat
	81	and
	82	.Fn strncat
	83	functions
	84	return the pointer
	85	.Fa s .
9385eb3d A	86	.Sh SECURITY CONSIDERATIONS
	87	The
	88	.Fn strcat
	89	function is easily misused in a manner
	90	which enables malicious users to arbitrarily change
	91	a running program's functionality through a buffer overflow attack.
	92	(See
	93	the FSA.)
	94	.Pp
	95	Avoid using
	96	.Fn strcat .
	97	Instead, use
	98	.Fn strncat
	99	or
	100	.Fn strlcat
	101	and ensure that no more characters are copied to the destination buffer
	102	than it can hold.
	103	.Pp
	104	Note that
	105	.Fn strncat
	106	can also be problematic.
	107	It may be a security concern for a string to be truncated at all.
	108	Since the truncated string will not be as long as the original,
	109	it may refer to a completely different resource
	110	and usage of the truncated resource
	111	could result in very incorrect behavior.
	112	Example:
	113	.Bd -literal
	114	void
	115	foo(const char *arbitrary_string)
	116	{
	117	char onstack[8];
	118
	119	#if defined(BAD)
	120	/*
	121	* This first strcat is bad behavior. Do not use strcat!
	122	*/
	123	(void)strcat(onstack, arbitrary_string); /* BAD! */
	124	#elif defined(BETTER)
	125	/*
	126	* The following two lines demonstrate better use of
	127	* strncat().
	128	*/
	129	(void)strncat(onstack, arbitrary_string,
	130	sizeof(onstack) - strlen(onstack) - 1);
	131	#elif defined(BEST)
	132	/*
	133	* These lines are even more robust due to testing for
	134	* truncation.
	135	*/
	136	if (strlen(arbitrary_string) + 1 >
	137	sizeof(onstack) - strlen(onstack))
	138	err(1, "onstack would be truncated");
	139	(void)strncat(onstack, arbitrary_string,
	140	sizeof(onstack) - strlen(onstack) - 1);
	141	#endif
	142	}
	143	.Ed
e9ce8d39	144	.Sh SEE ALSO
5b2abdfb A	145	.Xr bcopy 3 ,
	146	.Xr memccpy 3 ,
	147	.Xr memcpy 3 ,
	148	.Xr memmove 3 ,
	149	.Xr strcpy 3 ,
	150	.Xr strlcat 3 ,
	151	.Xr strlcpy 3
9385eb3d A	152	.Rs
	153	.%T "The FreeBSD Security Architecture"
	154	.Re
	155	(See
	156	.Pa "/usr/share/doc/{to be decided}" . )
5b2abdfb	157	.Sh STANDARDS
e9ce8d39	158	The
5b2abdfb A	159	.Fn strcat
	160	and
	161	.Fn strncat
	162	functions
	163	conform to
	164	.St -isoC .