1.\" Copyright (c) 1990, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Chris Torek and the American National Standards Committee X3, 6.\" on Information Processing Systems. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 3. All advertising materials mentioning features or use of this software 17.\" must display the following acknowledgement: 18.\" This product includes software developed by the University of 19.\" California, Berkeley and its contributors. 20.\" 4. Neither the name of the University nor the names of its contributors 21.\" may be used to endorse or promote products derived from this software 22.\" without specific prior written permission. 23.\" 24.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34.\" SUCH DAMAGE. 35.\" 36.\" @(#)strcat.3 8.1 (Berkeley) 6/4/93 37.\" $FreeBSD$ 38.\" 39.Dd June 4, 1993 40.Dt STRCAT 3 41.Os 42.Sh NAME 43.Nm strcat 44.Nd concatenate strings 45.Sh LIBRARY 46.Lb libc 47.Sh SYNOPSIS 48.In string.h 49.Ft char * 50.Fn strcat "char * restrict s" "const char * restrict append" 51.Ft char * 52.Fn strncat "char * restrict s" "const char * restrict append" "size_t count" 53.Sh DESCRIPTION 54The 55.Fn strcat 56and 57.Fn strncat 58functions 59append a copy of the null-terminated string 60.Fa append 61to the end of the null-terminated string 62.Fa s , 63then add a terminating 64.Ql \e0 . 65The string 66.Fa s 67must have sufficient space to hold the result. 68.Pp 69The 70.Fn strncat 71function 72appends not more than 73.Fa count 74characters from 75.Fa append , 76and then adds a terminating 77.Ql \e0 . 78.Sh RETURN VALUES 79The 80.Fn strcat 81and 82.Fn strncat 83functions 84return the pointer 85.Fa s . 86.Sh SECURITY CONSIDERATIONS 87The 88.Fn strcat 89function is easily misused in a manner 90which enables malicious users to arbitrarily change 91a running program's functionality through a buffer overflow attack. 92(See 93the FSA.) 94.Pp 95Avoid using 96.Fn strcat . 97Instead, use 98.Fn strncat 99or 100.Fn strlcat 101and ensure that no more characters are copied to the destination buffer 102than it can hold. 103.Pp 104Note that 105.Fn strncat 106can also be problematic. 107It may be a security concern for a string to be truncated at all. 108Since the truncated string will not be as long as the original, 109it may refer to a completely different resource 110and usage of the truncated resource 111could result in very incorrect behavior. 112Example: 113.Bd -literal 114void 115foo(const char *arbitrary_string) 116{ 117 char onstack[8]; 118 119#if defined(BAD) 120 /* 121 * This first strcat is bad behavior. Do not use strcat! 122 */ 123 (void)strcat(onstack, arbitrary_string); /* BAD! */ 124#elif defined(BETTER) 125 /* 126 * The following two lines demonstrate better use of 127 * strncat(). 128 */ 129 (void)strncat(onstack, arbitrary_string, 130 sizeof(onstack) - strlen(onstack) - 1); 131#elif defined(BEST) 132 /* 133 * These lines are even more robust due to testing for 134 * truncation. 135 */ 136 if (strlen(arbitrary_string) + 1 > 137 sizeof(onstack) - strlen(onstack)) 138 err(1, "onstack would be truncated"); 139 (void)strncat(onstack, arbitrary_string, 140 sizeof(onstack) - strlen(onstack) - 1); 141#endif 142} 143.Ed 144.Sh SEE ALSO 145.Xr bcopy 3 , 146.Xr memccpy 3 , 147.Xr memcpy 3 , 148.Xr memmove 3 , 149.Xr strcpy 3 , 150.Xr strlcat 3 , 151.Xr strlcpy 3 152.Rs 153.%T "The FreeBSD Security Architecture" 154.Re 155(See 156.Pa "/usr/share/doc/{to be decided}" . ) 157.Sh STANDARDS 158The 159.Fn strcat 160and 161.Fn strncat 162functions 163conform to 164.St -isoC . 165