[apple/libc.git] / string / FreeBSD / strcat.3

.\" Copyright (c) 1990, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" Chris Torek and the American National Standards Committee X3,
.\" on Information Processing Systems.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)strcat.3	8.1 (Berkeley) 6/4/93
.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.17 2009/12/01 07:28:56 brueffer Exp $
.\"
.Dd December 1, 2009
.Dt STRCAT 3
.Os
.Sh NAME
.Nm strcat ,
.Nm strncat
.Nd concatenate strings
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In string.h
.Ft char *
.Fn strcat "char * restrict s" "const char * restrict append"
.Ft char *
.Fn strncat "char * restrict s" "const char * restrict append" "size_t count"
.Sh DESCRIPTION
The
.Fn strcat
and
.Fn strncat
functions
append a copy of the null-terminated string
.Fa append
to the end of the null-terminated string
.Fa s ,
then add a terminating
.Ql \e0 .
The string
.Fa s
must have sufficient space to hold the result.
.Pp
The
.Fn strncat
function
appends not more than
.Fa count
characters from
.Fa append ,
and then adds a terminating
.Ql \e0 .
.Sh RETURN VALUES
The
.Fn strcat
and
.Fn strncat
functions
return the pointer
.Fa s .
.Sh SECURITY CONSIDERATIONS
The
.Fn strcat
function is easily misused in a manner
which enables malicious users to arbitrarily change
a running program's functionality through a buffer overflow attack.
(See
the FSA.)
.Pp
Avoid using
.Fn strcat .
Instead, use
.Fn strncat
or
.Fn strlcat
and ensure that no more characters are copied to the destination buffer
than it can hold.
.Pp
Note that
.Fn strncat
can also be problematic.
It may be a security concern for a string to be truncated at all.
Since the truncated string will not be as long as the original,
it may refer to a completely different resource
and usage of the truncated resource
could result in very incorrect behavior.
Example:
.Bd -literal
void
foo(const char *arbitrary_string)
{
	char onstack[8];

#if defined(BAD)
	/*
	 * This first strcat is bad behavior.  Do not use strcat!
	 */
	(void)strcat(onstack, arbitrary_string);	/* BAD! */
#elif defined(BETTER)
	/*
	 * The following two lines demonstrate better use of
	 * strncat().
	 */
	(void)strncat(onstack, arbitrary_string,
	    sizeof(onstack) - strlen(onstack) - 1);
#elif defined(BEST)
	/*
	 * These lines are even more robust due to testing for
	 * truncation.
	 */
	if (strlen(arbitrary_string) + 1 >
	    sizeof(onstack) - strlen(onstack))
		err(1, "onstack would be truncated");
	(void)strncat(onstack, arbitrary_string,
	    sizeof(onstack) - strlen(onstack) - 1);
#endif
}
.Ed
.Sh SEE ALSO
.Xr bcopy 3 ,
.Xr memccpy 3 ,
.Xr memcpy 3 ,
.Xr memmove 3 ,
.Xr strcpy 3 ,
.Xr strlcat 3 ,
.Xr strlcpy 3 ,
.Xr wcscat 3
.Sh STANDARDS
The
.Fn strcat
and
.Fn strncat
functions
conform to
.St -isoC .
Commit	Line	Data
5b2abdfb	1	.\" Copyright (c) 1990, 1991, 1993
e9ce8d39 A	2	.\" The Regents of the University of California. All rights reserved.
e9ce8d39 A	3	.\"
5b2abdfb A	4	.\" This code is derived from software contributed to Berkeley by
	5	.\" Chris Torek and the American National Standards Committee X3,
	6	.\" on Information Processing Systems.
	7	.\"
e9ce8d39 A	8	.\" Redistribution and use in source and binary forms, with or without
	9	.\" modification, are permitted provided that the following conditions
	10	.\" are met:
	11	.\" 1. Redistributions of source code must retain the above copyright
	12	.\" notice, this list of conditions and the following disclaimer.
	13	.\" 2. Redistributions in binary form must reproduce the above copyright
	14	.\" notice, this list of conditions and the following disclaimer in the
	15	.\" documentation and/or other materials provided with the distribution.
e9ce8d39 A	16	.\" 4. Neither the name of the University nor the names of its contributors
	17	.\" may be used to endorse or promote products derived from this software
	18	.\" without specific prior written permission.
	19	.\"
	20	.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
	21	.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	22	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	23	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
	24	.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	25	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	26	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	27	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	28	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	29	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	30	.\" SUCH DAMAGE.
	31	.\"
5b2abdfb	32	.\" @(#)strcat.3 8.1 (Berkeley) 6/4/93
1f2f436a	33	.\" $FreeBSD: src/lib/libc/string/strcat.3,v 1.17 2009/12/01 07:28:56 brueffer Exp $
e9ce8d39	34	.\"
1f2f436a	35	.Dd December 1, 2009
5b2abdfb	36	.Dt STRCAT 3
e9ce8d39 A	37	.Os
e9ce8d39 A	38	.Sh NAME
1f2f436a A	39	.Nm strcat ,
1f2f436a A	40	.Nm strncat
5b2abdfb	41	.Nd concatenate strings
e9ce8d39 A	42	.Sh LIBRARY
	43	.Lb libc
	44	.Sh SYNOPSIS
5b2abdfb A	45	.In string.h
5b2abdfb A	46	.Ft char *
9385eb3d	47	.Fn strcat "char * restrict s" "const char * restrict append"
5b2abdfb	48	.Ft char *
9385eb3d	49	.Fn strncat "char * restrict s" "const char * restrict append" "size_t count"
e9ce8d39 A	50	.Sh DESCRIPTION
e9ce8d39 A	51	The
5b2abdfb	52	.Fn strcat
e9ce8d39	53	and
5b2abdfb A	54	.Fn strncat
	55	functions
	56	append a copy of the null-terminated string
	57	.Fa append
	58	to the end of the null-terminated string
	59	.Fa s ,
	60	then add a terminating
	61	.Ql \e0 .
	62	The string
	63	.Fa s
	64	must have sufficient space to hold the result.
	65	.Pp
e9ce8d39	66	The
5b2abdfb A	67	.Fn strncat
	68	function
	69	appends not more than
	70	.Fa count
	71	characters from
	72	.Fa append ,
	73	and then adds a terminating
	74	.Ql \e0 .
e9ce8d39	75	.Sh RETURN VALUES
5b2abdfb A	76	The
	77	.Fn strcat
	78	and
	79	.Fn strncat
	80	functions
	81	return the pointer
	82	.Fa s .
9385eb3d A	83	.Sh SECURITY CONSIDERATIONS
	84	The
	85	.Fn strcat
	86	function is easily misused in a manner
	87	which enables malicious users to arbitrarily change
	88	a running program's functionality through a buffer overflow attack.
	89	(See
	90	the FSA.)
	91	.Pp
	92	Avoid using
	93	.Fn strcat .
	94	Instead, use
	95	.Fn strncat
	96	or
	97	.Fn strlcat
	98	and ensure that no more characters are copied to the destination buffer
	99	than it can hold.
	100	.Pp
	101	Note that
	102	.Fn strncat
	103	can also be problematic.
	104	It may be a security concern for a string to be truncated at all.
	105	Since the truncated string will not be as long as the original,
	106	it may refer to a completely different resource
	107	and usage of the truncated resource
	108	could result in very incorrect behavior.
	109	Example:
	110	.Bd -literal
	111	void
	112	foo(const char *arbitrary_string)
	113	{
	114	char onstack[8];
	115
	116	#if defined(BAD)
	117	/*
	118	* This first strcat is bad behavior. Do not use strcat!
	119	*/
	120	(void)strcat(onstack, arbitrary_string); /* BAD! */
	121	#elif defined(BETTER)
	122	/*
	123	* The following two lines demonstrate better use of
	124	* strncat().
	125	*/
	126	(void)strncat(onstack, arbitrary_string,
	127	sizeof(onstack) - strlen(onstack) - 1);
	128	#elif defined(BEST)
	129	/*
	130	* These lines are even more robust due to testing for
	131	* truncation.
	132	*/
	133	if (strlen(arbitrary_string) + 1 >
	134	sizeof(onstack) - strlen(onstack))
	135	err(1, "onstack would be truncated");
	136	(void)strncat(onstack, arbitrary_string,
	137	sizeof(onstack) - strlen(onstack) - 1);
	138	#endif
	139	}
	140	.Ed
e9ce8d39	141	.Sh SEE ALSO
5b2abdfb A	142	.Xr bcopy 3 ,
	143	.Xr memccpy 3 ,
	144	.Xr memcpy 3 ,
	145	.Xr memmove 3 ,
	146	.Xr strcpy 3 ,
	147	.Xr strlcat 3 ,
1f2f436a A	148	.Xr strlcpy 3 ,
1f2f436a A	149	.Xr wcscat 3
5b2abdfb	150	.Sh STANDARDS
e9ce8d39	151	The
5b2abdfb A	152	.Fn strcat
	153	and
	154	.Fn strncat
	155	functions
	156	conform to
	157	.St -isoC .