The Safe C Library

  • The Safe C Library

    http://www.ddj.com/cpp/214502214?cid=RSSfeed_DDJ_All

    Considering how often poorly designed aspects of the C library can lead to security vulnerabilities (I'm looking at you, strncat) this was really interesting to see.

    This library wraps all buffers and performs bounds checking on all operations.

    It won't save you from a pointer arithmetic error, but it sounds a lot nicer than plain vanilla libc.

    --

    Alternatively: STOP USING C
    Last edited by bascule; February 24, 2009, 12:15.

  • #2
    Re: The Safe C Library

    Similar projects have been around for at least a decade, and I'm really surprised that someone hasn't been more successful in pushing adoption forward. I would think that something as simple as removing functions that don't include the buffer size or NULL-terminate strings from the header (leave them in the library to support old binary objects) would go a long way to eliminating such basic security flaws.

    Of course, then you wouldn't be POSIX compliant...


    • #3
      Re: The Safe C Library

      Originally posted by Voltage Spike:
      "Of course, then you wouldn't be POSIX compliant..."
      Sounds like they have their own standard (ISO/IEC TR 24731-1:2007) which provides for a subset of ANSI C along with new, safe counterparts for the functions they removed.

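Two points raised in this thread, the strncat complaint in the opening post and the TR 24731-1 counterparts mentioned in #3, in one added C example (my own code, not the Safe C Library's and not from any poster): the arithmetic behind the classic `strncat(buf, src, sizeof buf)` mistake next to a bounds-checked append written in the shape of `strcat_s`. The function names, the 16-byte buffer and the inputs are constructed, and `checked_strcat` only models the `strcat_s` contract rather than reproducing the standard's text.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

static size_t bounded_len(const char *s, size_t max)   /* strlen capped at max bytes */
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Nonzero if the common miscall strncat(dst, src, sizeof dst) would run past a dst of dst_cap
 * bytes: the count caps what is APPENDED, not the size of dst, and a NUL follows. Arithmetic only. */
int strncat_sizeof_misuse_overflows(size_t dst_len, size_t src_len, size_t dst_cap)
{
    return dst_len + (src_len < dst_cap ? src_len : dst_cap) + 1 > dst_cap;
}

/* Bounds-checked append in the shape of TR 24731-1 strcat_s (a hypothetical stand-in, not the
 * library's code): dstmax is the full size of dst, nothing is written unless the whole result
 * fits, and on failure dst is emptied so a half-built string cannot leak out. Returns 0 or errno. */
int checked_strcat(char *dst, size_t dstmax, const char *src)
{
    if (dst == NULL || src == NULL || dstmax == 0) return EINVAL;
    size_t dst_len = bounded_len(dst, dstmax);
    if (dst_len == dstmax) { dst[0] = '\0'; return EINVAL; }  /* dst is not NUL-terminated */
    size_t room = dstmax - dst_len;                           /* bytes left, NUL included */
    size_t src_len = bounded_len(src, room);
    if (src_len == room) { dst[0] = '\0'; return ERANGE; }    /* src plus NUL will not fit */
    memcpy(dst + dst_len, src, src_len + 1);
    return 0;
}

static char demo_buf[16];                                     /* constructed 16-byte target */
/* Resets demo_buf to "user=" and appends value; returns checked_strcat's result code. */
int demo_append(const char *value)
{
    strcpy(demo_buf, "user=");
    return checked_strcat(demo_buf, sizeof demo_buf, value);
}
const char *demo_result(void) { return demo_buf; }

int main(void)
{
    const char *big = "averyveryverylongname";                /* constructed oversize input */
    printf("strncat misuse overflows: %d\n", strncat_sizeof_misuse_overflows(5, strlen(big), 16));
    printf("rc=%d buf=\"%s\"\n", demo_append(big), demo_result());    /* ERANGE, "" */
    printf("rc=%d buf=\"%s\"\n", demo_append("bob"), demo_result());  /* 0, "user=bob" */
    return 0;
}
```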