RE: safe strcpy()?

Seeing as everyone is piling in with their list of "safer" string handlging functions - We also released a header file, strsafe.h, which is being used internally...

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecur e/html/strsafe.asp

Of course, the real way to build secure software is not to use "safe" functions, but to check data validity :-)

Cheers, Michael
Secure Windows Initiative
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp

-----Original Message-----
From: mlh@zip.com.au [mailto:mlh@zip.com.au] Sent: Tuesday, January 28, 2003 3:38 PM
To: Timo Sirainen
Cc: Ed Carp; secprog@securityfocus.com

On Tue, Jan 28, 2003 at 08:37:37PM +0200, Timo Sirainen wrote:
>
> I'd suggest not using C's string handling functions at all, they're

Another library 'libslack' has a rich set of string functions:

        http://libslack.org/manpages/str.3.html

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Matt Received on Tue Jan 28 20:03:12 2003