Strsafe.h: More secure C-language string-handling functions

Source: Strsafe.h:safer String Handling in c:http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ Dnsecure/html/strsafe.asp

During Microsoft Windows Security Push activities at Microsoft, a group of testers, program management managers, and ordinary programmers decided to tailor a set of string-handling functions for C to a higher level of safety, and wanted these functions to be available to Windows Used by programmers and programmers within Microsoft.

In short, the existing C-language run-time functions are hard to build on today's hostile attempts to attack the environment. These functions either lack consistency on the return value and parameters, or imply a so-called "truncation error" (Truncation errors) error, or do not provide powerful enough functionality. Frankly, the code that calls these functions is too easy to create a "memory overflow" problem.

We found that classes oriented to C + + programmers were sufficient to handle the programming needs of a variety of secure processing strings; they were able to select MFC's CString classes, ATL CComBSTR classes, or STL string classes, and so on. However, the classic C language program is still ubiquitous, not to mention many people are using C + + as an "improved C language" to use, but the rich C + + class on the shelf.

In fact, you just need to add one line of code, you can invoke the Safe Strsafe series function in the C language code, in detail see:

"Using The Strsafe.h functions": http://msdn.microsoft.com/en-us/library/ms647466.aspx

These new functions are included in a header file and a function library (optional), and both can be found in the newer Platform SDK. Yes, that's simple:

#include　"strsafe.h"

What are you waiting for?

Again, the reference to the Strsafe function library is optional.

To achieve the goal of the Strsafe series function, your code must meet the following conditions:

Always ends a string with a NULL character.

Always detects the length of the target buffer.

Always produces a uniform return value with an HRESULT statement.

Both 32-bit and 64-bit operating environment.

With flexibility.

We feel that lack of uniformity is the root cause for many of the existing C-language string processing functions that are vulnerable to security vulnerabilities, and the high uniformity of Strsafe series functions is a good medicine to solve this problem. However, Strsafe is not a panacea. Relying solely on the Strsafe series functions does not guarantee the security and robustness of your code-you also have to start your brain-but that will help solve the problem.

Here's a section of code that uses the classic C language run-time function:

void　UnsafeFunc(LPTSTR　szPath,DWORD　cchPath)　{

TCHAR　szCWD[MAX_PATH];


GetCurrentDirectory(ARRAYSIZE(szCWD),　szCWD);

strncpy(szPath,　szCWD,　cchPath);

strncat(szPath,　TEXT("\\"),　cchPath);

strncat(szPath,　TEXT("desktop.ini"),cchPath);
}