Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

strncat(3) [mojave man page]

STRCAT(3)						   BSD Library Functions Manual 						 STRCAT(3)

NAME

     strcat, strncat -- concatenate strings

LIBRARY

     Standard C Library (libc, -lc)

SYNOPSIS

     #include <string.h>

     char *
     strcat(char *restrict s1, const char *restrict s2);

     char *
     strncat(char *restrict s1, const char *restrict s2, size_t n);

DESCRIPTION

     The strcat() and strncat() functions append a copy of the null-terminated string s2 to the end of the null-terminated string s1, then add a
     terminating ''.	The string s1 must have sufficient space to hold the result.

     The strncat() function appends not more than n characters from s2, and then adds a terminating ''.

     The source and destination strings should not overlap, as the behavior is undefined.

RETURN VALUES

     The strcat() and strncat() functions return the pointer s1.

SECURITY CONSIDERATIONS

     The strcat() function is easily misused in a manner which enables malicious users to arbitrarily change a running program's functionality
     through a buffer overflow attack.	(See the FSA.)

     Avoid using strcat().  Instead, use strncat() or strlcat() and ensure that no more characters are copied to the destination buffer than it
     can hold.

     Note that strncat() can also be problematic.  It may be a security concern for a string to be truncated at all.  Since the truncated string
     will not be as long as the original, it may refer to a completely different resource and usage of the truncated resource could result in very
     incorrect behavior.  Example:

     void
     foo(const char *arbitrary_string)
     {
	     char onstack[8] = "";

     #if defined(BAD)
	     /*
	      * This first strcat is bad behavior.  Do not use strcat!
	      */
	     (void)strcat(onstack, arbitrary_string);	     /* BAD! */
     #elif defined(BETTER)
	     /*
	      * The following two lines demonstrate better use of
	      * strncat().
	      */
	     (void)strncat(onstack, arbitrary_string,
		 sizeof(onstack) - strlen(onstack) - 1);
     #elif defined(BEST)
	     /*
	      * These lines are even more robust due to testing for
	      * truncation.
	      */
	     if (strlen(arbitrary_string) + 1 >
		 sizeof(onstack) - strlen(onstack))
		     err(1, "onstack would be truncated");
	     (void)strncat(onstack, arbitrary_string,
		 sizeof(onstack) - strlen(onstack) - 1);
     #endif
     }

SEE ALSO

     bcopy(3), memccpy(3), memcpy(3), memmove(3), strcpy(3), strlcat(3), strlcpy(3), wcscat(3)

STANDARDS

     The strcat() and strncat() functions conform to ISO/IEC 9899:1990 (``ISO C90'').

BSD
								 December 1, 2009							       BSD

Check Out this Related Man Page

STRCAT(3)						     Linux Programmer's Manual							 STRCAT(3)

NAME

       strcat, strncat - concatenate two strings

SYNOPSIS

       #include <string.h>

       char *strcat(char *dest, const char *src);

       char *strncat(char *dest, const char *src, size_t n);

DESCRIPTION

       The  strcat() function appends the src string to the dest string, overwriting the terminating null byte ('') at the end of dest, and then
       adds a terminating null byte.  The strings may not overlap, and the dest string must have enough space for the  result.	 If  dest  is  not
       large enough, program behavior is unpredictable; buffer overruns are a favorite avenue for attacking secure programs.

       The strncat() function is similar, except that

       *  it will use at most n bytes from src; and

       *  src does not need to be null-terminated if it contains n or more bytes.

       As with strcat(), the resulting string in dest is always null-terminated.

       If  src	contains  n or more bytes, strncat() writes n+1 bytes to dest (n from src plus the terminating null byte).  Therefore, the size of
       dest must be at least strlen(dest)+n+1.

       A simple implementation of strncat() might be:

	   char*
	   strncat(char *dest, const char *src, size_t n)
	   {
	       size_t dest_len = strlen(dest);
	       size_t i;

	       for (i = 0 ; i < n && src[i] != '' ; i++)
		   dest[dest_len + i] = src[i];
	       dest[dest_len + i] = '';

	       return dest;
	   }

RETURN VALUE

       The strcat() and strncat() functions return a pointer to the resulting string dest.

CONFORMING TO

       SVr4, 4.3BSD, C89, C99.

NOTES

       Some systems (the BSDs, Solaris, and others) provide the following function:

	   size_t strlcat(char *dest, const char *src, size_t size);

       This function appends the null-terminated string src to the string dest, copying at most size-strlen(dest)-1 from src, and adds a null ter-
       minator	to  the result, unless size is less than strlen(dest).	This function fixes the buffer overrun problem of strcat(), but the caller
       must still handle the possibility of data loss if size is too small.  The function returns the length of the string strlcat() tried to cre-
       ate;  if  the  return  value  is greater than or equal to size, data loss occurred.  If data loss matters, the caller must either check the
       arguments before the call, or test the function return value.  strlcat() is not present in glibc and is not standardized by POSIX,  but	is
       available on Linux via the libbsd library.

SEE ALSO

       bcopy(3), memccpy(3), memcpy(3), strcpy(3), string(3), strncpy(3), wcscat(3), wcsncat(3)

COLOPHON

       This  page is part of release 3.53 of the Linux man-pages project.  A description of the project, and information about reporting bugs, can
       be found at http://www.kernel.org/doc/man-pages/.

GNU
								    2012-07-19								 STRCAT(3)
Man Page