Seeing as everyone is piling in with their list of "safer" string handling functions - We also released a header file, strsafe.h, which is being used internally...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/strsafe.asp

Of course, the real way to build secure software is not to use "safe" functions, but to check data validity :-)

Cheers, Michael
Secure Windows Initiative
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp

-----Original Message-----
From: mlhat_private [mailto:mlhat_private]
Sent: Tuesday, January 28, 2003 3:38 PM
To: Timo Sirainen
Cc: Ed Carp; secprogat_private

On Tue, Jan 28, 2003 at 08:37:37PM +0200, Timo Sirainen wrote:
>
> I'd suggest not using C's string handling functions at all, they're
> way too annoying to be used safely (or at all, really). There are many
> libraries that make things easier for you, GLIB and libowfat come to
> my mind at first. I've also put a stripped down version of my library
> available at http://irccrew.org/~cras/security/lib/

Another library 'libslack' has a rich set of string functions:
http://libslack.org/manpages/str.3.html

Matt

This archive was generated by hypermail 2b30 : Tue Jan 28 2003 - 17:03:05 PST