Without knowing which functions you're exactly using:
The user input is probably not a null terminated string, so you must make sure it's null terminated. Easiest is probably to zero the buffer before putting data in it; check
man memset.
If you allocate a buffer for userinput, you must prevent the user to entering more data or limit whatever has been read. Check
man fgets for reading userinput and limiting the amount of characters.
There is a
dedicated programming section at LQ
PS Another point: if you declared a
char *str1, this is only a pointer. You need to allocate memory before you can use it; a function that you use might already do that but without seeing the code it's difficult to say.