strsafe.h

From The Right Wiki
Revision as of 16:23, 20 November 2024 by imported>Citation bot (Added date. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | Category:Microsoft application programming interfaces | #UCB_Category 45/133)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

strsafe.h is a non-standard C header file provided with the Windows SDK starting with Windows XP Service Pack 2[1] that provides safer buffer handling than that which is provided by the standard C string functions, which are widely known to have security issues involving buffer overruns when not used correctly.

Description

The functions included in strsafe.h replace standard C string handling and I/O functions including printf, strlen, strcpy and strcat.[2] The strsafe functions require the length of the string in either characters or bytes as a parameter and if an operation would exceed the length of the destination buffer, the operation fails and the string is still terminated with a null in its final valid index so that using it in other library functions will not result in undefined behavior.[1][2] Independent security researchers have noted that security issues are still possible with the functions from strsafe.h if they are not passed the correct buffer length.[3] The use of this library is recommended by the United States Department of Homeland Security.[4]

References

  1. 1.0 1.1 "About Strsafe.h (Windows)". 20 June 2022.
  2. 2.0 2.1 Richter, Jeffrey; Nasarre, Christophe. Windows via C/C++ Fifth Edition. Microsoft Press. pp. 11–32. ISBN 9780735663770.
  3. Daswani, Neil; Kern, Christopher; Kesavan, Anita. Foundations of Security: What Every Programmer Needs To Know. Apress Media LLC. p. 121. ISBN 9781590597842.
  4. Plakosh, Daniel. "Strsafe.h | Build Security In".

External links