
Why We Assume strncpy Insecure in C/C++
The strncpy() function copies a specified number of characters from the source to the destination. It is similar to the strcpy() function, except that with strncpy() we can specify the maximum number of characters to copy from the source to the destination.
In this article, we have a source string. Our task is to copy this string into a destination string using the strncpy() function and understand why it is insecure to use in C++.
Syntax of strncpy() Function
The syntax of the strncpy() function is as follows:
char *strncpy(char *destination, const char *source, size_t n);
The parameters in the above syntax are:
- destination: It represents the destination array where the source string is to be copied.
- source: It represents the string to be copied.
- size_t n: It represents the maximum number of characters to be copied from the source string.
Why is strncpy() Function Insecure in C/C++
The strncpy() function is considered insecure in C/C++ because it does not guarantee null-termination. Null-termination means marking the end of the string in memory with a null character. The two examples below use the same code; the only difference is that one null-terminates the destination and the other does not, which shows the difference in the output.
Example 1
In this example, we copy the first 4 characters to the destination using the strncpy() function. Since the destination is not null-terminated, printing it reads past the copied characters into uninitialized memory. This is undefined behavior: it may print garbage after the first 4 characters, or it may happen to print nothing extra if the next byte is zero.
#include <iostream>
#include <cstring>
using namespace std;

int main() {
    char source[20] = "This is a string";
    char dest[20];
    // Copies 4 bytes only; no '\0' is written because source is longer than 4
    strncpy(dest, source, 4);
    cout << "The destination string is: " << dest;
    return 0;
}
The output of the above code is as follows:
The destination string is: This?
#include <stdio.h>
#include <string.h>

int main() {
    char source[20] = "This is a string";
    char dest[20];
    /* Copies 4 bytes only; dest is left without a terminating '\0' */
    strncpy(dest, source, 4);
    printf("The destination string is: %s", dest);
    return 0;
}
The output of the above code is as follows:
The destination string is: This
Example 2
In this example, we have copied the four characters from the source to the destination just like example 1. The only difference is that we have null-terminated the destination using dest[4] = '\0'. So, it will simply print the first four characters and not any garbage value.
#include <iostream>
#include <cstring>
using namespace std;

int main() {
    char source[20] = "This is a string";
    char dest[20];
    strncpy(dest, source, 4);
    dest[4] = '\0';  // terminate explicitly after the 4 copied characters
    cout << "The destination string is: " << dest;
    return 0;
}
The output of the above code is as follows:
The destination string is: This
#include <stdio.h>
#include <string.h>

int main() {
    char source[20] = "This is a string";
    char dest[20];
    strncpy(dest, source, 4);
    dest[4] = '\0';  /* terminate explicitly after the 4 copied characters */
    printf("The destination string is: %s", dest);
    return 0;
}
The output of the above code is as follows:
The destination string is: This
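The following is an added example, not code from the original article. It goes one step beyond the two examples above by checking the common case where n equals the destination size, and by showing a bounded copy that always terminates and reports truncation. The names is_terminated, strncpy_result_terminated and copy_bounded are hypothetical helpers, and the 8-byte buffer is an assumed size.

```c
#include <stdio.h>
#include <string.h>

/* 1 if a '\0' exists within the first size bytes of buf, else 0. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Raw strncpy into an 8-byte buffer pre-filled with 'X' (stand-in for stale
 * memory). Returns 1 if the result is a valid C string, 0 if unterminated. */
int strncpy_result_terminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);
    return is_terminated(dst, sizeof dst);
}

/* Hypothetical helper: copy at most dst_size - 1 bytes and always terminate.
 * Returns 0 if src fit, 1 if it was truncated, -1 on unusable arguments. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;               /* caller must handle the truncation */
    }
    memcpy(dst, src, len + 1);  /* length plus one includes the terminator */
    return 0;
}

int main(void)
{
    char dst[8];
    const char *source = "This is a string";  /* same sample text as the article */
    printf("strncpy, long source terminated:  %d\n", strncpy_result_terminated(source));
    printf("strncpy, short source terminated: %d\n", strncpy_result_terminated("Hi"));
    printf("copy_bounded returned %d, dst = \"%s\"\n",
           copy_bounded(dst, sizeof dst, source), dst);
    return 0;
}
```

A source of exactly 8 characters also leaves the 8-byte buffer unterminated, which is why the truncation return value of copy_bounded should be checked rather than ignored.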