[apple/libc.git] / string / strcat.3

.\" Copyright (c) 1990, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" Chris Torek and the American National Standards Committee X3,
.\" on Information Processing Systems.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)strcat.3	8.1 (Berkeley) 6/4/93
.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.13 2002/09/06 11:24:06 tjr Exp $
.\"
.Dd June 4, 1993
.Dt STRCAT 3
.Os
.Sh NAME
.Nm strcat ,
.Nm strncat
.Nd concatenate strings
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In string.h
.Ft char *
.Fo strcat
.Fa "char *restrict s1"
.Fa "const char *restrict s2"
.Fc
.Ft char *
.Fo strncat
.Fa "char *restrict s1"
.Fa "const char *restrict s2"
.Fa "size_t n"
.Fc
.Sh DESCRIPTION
The
.Fn strcat
and
.Fn strncat
functions
append a copy of the null-terminated string
.Fa s2
to the end of the null-terminated string
.Fa s1 ,
then add a terminating
.Ql \e0 .
The string
.Fa s1
must have sufficient space to hold the result.
.Pp
The
.Fn strncat
function
appends not more than
.Fa n
characters from
.Fa s2 ,
and then adds a terminating
.Ql \e0 .
.Sh RETURN VALUES
The
.Fn strcat
and
.Fn strncat
functions
return the pointer
.Fa s1 .
.Sh SECURITY CONSIDERATIONS
The
.Fn strcat
function is easily misused in a manner
which enables malicious users to arbitrarily change
a running program's functionality through a buffer overflow attack.
(See
the FSA.)
.Pp
Avoid using
.Fn strcat .
Instead, use
.Fn strncat
or
.Fn strlcat
and ensure that no more characters are copied to the destination buffer
than it can hold.
.Pp
Note that
.Fn strncat
can also be problematic.
It may be a security concern for a string to be truncated at all.
Since the truncated string will not be as long as the original,
it may refer to a completely different resource
and usage of the truncated resource
could result in very incorrect behavior.
Example:
.Bd -literal
void
foo(const char *arbitrary_string)
{
	char onstack[8] = "";

#if defined(BAD)
	/*
	 * This first strcat is bad behavior.  Do not use strcat!
	 */
	(void)strcat(onstack, arbitrary_string);	/* BAD! */
#elif defined(BETTER)
	/*
	 * The following two lines demonstrate better use of
	 * strncat().
	 */
	(void)strncat(onstack, arbitrary_string,
	    sizeof(onstack) - strlen(onstack) - 1);
#elif defined(BEST)
	/*
	 * These lines are even more robust due to testing for
	 * truncation.
	 */
	if (strlen(arbitrary_string) + 1 >
	    sizeof(onstack) - strlen(onstack))
		err(1, "onstack would be truncated");
	(void)strncat(onstack, arbitrary_string,
	    sizeof(onstack) - strlen(onstack) - 1);
#endif
}
.Ed
.Sh SEE ALSO
.Xr bcopy 3 ,
.Xr memccpy 3 ,
.Xr memcpy 3 ,
.Xr memmove 3 ,
.Xr strcpy 3 ,
.Xr strlcat 3 ,
.Xr strlcpy 3
.Sh STANDARDS
The
.Fn strcat
and
.Fn strncat
functions
conform to
.St -isoC .
Commit	Line	Data
224c7076 A	1	.\" Copyright (c) 1990, 1991, 1993
	2	.\" The Regents of the University of California. All rights reserved.
	3	.\"
	4	.\" This code is derived from software contributed to Berkeley by
	5	.\" Chris Torek and the American National Standards Committee X3,
	6	.\" on Information Processing Systems.
	7	.\"
	8	.\" Redistribution and use in source and binary forms, with or without
	9	.\" modification, are permitted provided that the following conditions
	10	.\" are met:
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\" 2. Redistributions in binary form must reproduce the above copyright
	14	.\" notice, this list of conditions and the following disclaimer in the
	15	.\" documentation and/or other materials provided with the distribution.
	16	.\" 3. All advertising materials mentioning features or use of this software
	17	.\" must display the following acknowledgement:
	18	.\" This product includes software developed by the University of
	19	.\" California, Berkeley and its contributors.
	20	.\" 4. Neither the name of the University nor the names of its contributors
	21	.\" may be used to endorse or promote products derived from this software
	22	.\" without specific prior written permission.
	23	.\"
	24	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	25	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	26	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	27	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	28	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	29	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	30	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	31	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	32	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	33	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	34	.\" SUCH DAMAGE.
	35	.\"
	36	.\" @(#)strcat.3 8.1 (Berkeley) 6/4/93
	37	.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.13 2002/09/06 11:24:06 tjr Exp $
	38	.\"
	39	.Dd June 4, 1993
	40	.Dt STRCAT 3
	41	.Os
	42	.Sh NAME
	43	.Nm strcat ,
	44	.Nm strncat
	45	.Nd concatenate strings
	46	.Sh LIBRARY
	47	.Lb libc
	48	.Sh SYNOPSIS
	49	.In string.h
	50	.Ft char *
	51	.Fo strcat
	52	.Fa "char *restrict s1"
	53	.Fa "const char *restrict s2"
	54	.Fc
	55	.Ft char *
	56	.Fo strncat
	57	.Fa "char *restrict s1"
	58	.Fa "const char *restrict s2"
	59	.Fa "size_t n"
	60	.Fc
	61	.Sh DESCRIPTION
	62	The
	63	.Fn strcat
	64	and
65	.Fn strncat
66	functions
67	append a copy of the null-terminated string
68	.Fa s2
69	to the end of the null-terminated string
70	.Fa s1 ,
71	then add a terminating
72	.Ql \e0 .
73	The string
74	.Fa s1
75	must have sufficient space to hold the result.
76	.Pp
77	The
78	.Fn strncat
79	function
80	appends not more than
81	.Fa n
82	characters from
83	.Fa s2 ,
84	and then adds a terminating
85	.Ql \e0 .
86	.Sh RETURN VALUES
87	The
88	.Fn strcat
89	and
90	.Fn strncat
91	functions
92	return the pointer
93	.Fa s1 .
94	.Sh SECURITY CONSIDERATIONS
95	The
96	.Fn strcat
97	function is easily misused in a manner
98	which enables malicious users to arbitrarily change
99	a running program's functionality through a buffer overflow attack.
100	(See
101	the FSA.)
102	.Pp
103	Avoid using
104	.Fn strcat .
105	Instead, use
106	.Fn strncat
107	or
108	.Fn strlcat
109	and ensure that no more characters are copied to the destination buffer
110	than it can hold.
111	.Pp
112	Note that
113	.Fn strncat
114	can also be problematic.
115	It may be a security concern for a string to be truncated at all.
116	Since the truncated string will not be as long as the original,
117	it may refer to a completely different resource
118	and usage of the truncated resource
119	could result in very incorrect behavior.
120	Example:
121	.Bd -literal
122	void
123	foo(const char *arbitrary_string)
124	{
125	char onstack[8] = "";
126
127	#if defined(BAD)
128	/*
129	* This first strcat is bad behavior. Do not use strcat!
130	*/
131	(void)strcat(onstack, arbitrary_string); /* BAD! */
132	#elif defined(BETTER)
133	/*
134	* The following two lines demonstrate better use of
135	* strncat().
136	*/
137	(void)strncat(onstack, arbitrary_string,
138	sizeof(onstack) - strlen(onstack) - 1);
139	#elif defined(BEST)
140	/*
141	* These lines are even more robust due to testing for
142	* truncation.
143	*/
144	if (strlen(arbitrary_string) + 1 >
145	sizeof(onstack) - strlen(onstack))
146	err(1, "onstack would be truncated");
147	(void)strncat(onstack, arbitrary_string,
148	sizeof(onstack) - strlen(onstack) - 1);
149	#endif
150	}
151	.Ed
152	.Sh SEE ALSO
153	.Xr bcopy 3 ,
154	.Xr memccpy 3 ,
155	.Xr memcpy 3 ,
156	.Xr memmove 3 ,
157	.Xr strcpy 3 ,
158	.Xr strlcat 3 ,
159	.Xr strlcpy 3
160	.Sh STANDARDS
161	The
162	.Fn strcat
163	and
164	.Fn strncat
165	functions
166	conform to
167	.St -isoC .