1.\" Copyright (c) 1990, 1991, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software contributed to Berkeley by 5.\" Chris Torek and the American National Standards Committee X3, 6.\" on Information Processing Systems. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 3. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.Dd April 3, 2022 33.Dt STRCAT 3 34.Os 35.Sh NAME 36.Nm strcat , 37.Nm strncat 38.Nd concatenate strings 39.Sh LIBRARY 40.Lb libc 41.Sh SYNOPSIS 42.In string.h 43.Ft char * 44.Fn strcat "char * restrict s" "const char * restrict append" 45.Ft char * 46.Fn strncat "char * restrict s" "const char * restrict append" "size_t count" 47.Sh DESCRIPTION 48The 49.Fn strcat 50and 51.Fn strncat 52functions 53append a copy of the null-terminated string 54.Fa append 55to the end of the null-terminated string 56.Fa s , 57then add a terminating 58.Ql \e0 . 59The string 60.Fa s 61must have sufficient space to hold the result. 62If 63.Fa s 64and 65.Fa append 66overlap, the results are undefined. 67.Pp 68The 69.Fn strncat 70function 71appends not more than 72.Fa count 73characters from 74.Fa append , 75and then adds a terminating 76.Ql \e0 . 77If 78.Fa s 79and 80.Fa append 81overlap, the results are undefined. 82.Sh RETURN VALUES 83The 84.Fn strcat 85and 86.Fn strncat 87functions 88return the pointer 89.Fa s . 90.Sh SEE ALSO 91.Xr bcopy 3 , 92.Xr memccpy 3 , 93.Xr memcpy 3 , 94.Xr memmove 3 , 95.Xr strcpy 3 , 96.Xr strlcat 3 , 97.Xr strlcpy 3 , 98.Xr wcscat 3 99.Sh STANDARDS 100The 101.Fn strcat 102and 103.Fn strncat 104functions 105conform to 106.St -isoC . 107.Sh HISTORY 108The 109.Fn strcat 110function first appeared in the Programmer's Workbench (PWB/UNIX) 111and was ported to 112.At v7 ; 113.Fn strncat 114first appeared in 115.At v7 . 116.Sh SECURITY CONSIDERATIONS 117The 118.Fn strcat 119function is easily misused in a manner 120which enables malicious users to arbitrarily change 121a running program's functionality through a buffer overflow attack. 122.Pp 123Avoid using 124.Fn strcat . 125Instead, use 126.Fn strncat 127or 128.Fn strlcat 129and ensure that no more characters are copied to the destination buffer 130than it can hold. 131.Pp 132Note that 133.Fn strncat 134can also be problematic. 135It may be a security concern for a string to be truncated at all. 136Since the truncated string will not be as long as the original, 137it may refer to a completely different resource 138and usage of the truncated resource 139could result in very incorrect behavior. 140Example: 141.Bd -literal 142void 143foo(const char *arbitrary_string) 144{ 145 char onstack[8]; 146 147#if defined(BAD) 148 /* 149 * This first strcat is bad behavior. Do not use strcat! 150 */ 151 (void)strcat(onstack, arbitrary_string); /* BAD! */ 152#elif defined(BETTER) 153 /* 154 * The following two lines demonstrate better use of 155 * strncat(). 156 */ 157 (void)strncat(onstack, arbitrary_string, 158 sizeof(onstack) - strlen(onstack) - 1); 159#elif defined(BEST) 160 /* 161 * These lines are even more robust due to testing for 162 * truncation. 163 */ 164 if (strlen(arbitrary_string) + 1 > 165 sizeof(onstack) - strlen(onstack)) 166 err(1, "onstack would be truncated"); 167 (void)strncat(onstack, arbitrary_string, 168 sizeof(onstack) - strlen(onstack) - 1); 169#endif 170} 171.Ed 172