Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are there any free implementations of strcpy_s and/or TR24731-1?

Tags:

c

string

security

cross-platform

tr24731

I have an old project that is mixed C and C++. It makes extensive use of C strings and of strcpy,strcat,strncpy,strncat etc. I've uncovered a number of buffer overflows, and I'd like to use more secure functions, such as strcpy_s. MSVC includes those functions, but I need something that will work on various platforms - linux, osx, and windows at the least.

I do know of strlcpy, but as plenty of people have noted (example), it really isn't an improvement.

So: Are there any free implementations of strcpy_s, strcat_s, etc, or of the entire TR24731-1?

I need something that's either public domain or BSD, but if you know of implementations under other licenses, go ahead and list them - I'm sure someone else will benefit.

like image 814
Mark Avatar asked Apr 09 '12 00:04

Mark

People also ask

Why is strcpy_s safe?

The "safer" functions that Microsoft is "helpfully" suggesting that you use - such as strcpy_s() would be standard, as they are part of the optional Annex K of the C standard, had Microsoft implemented them per the standard. Microsoft Visual Studio implements an early version of the APIs.

What is the difference between Strcpy and strcpy_s?

strcpy is a unsafe function. When you try to copy a string using strcpy() to a buffer which is not large enough to contain it, it will cause a buffer overflow. strcpy_s() is a security enhanced version of strcpy() .

Is strcpy_s portable?

The downside to this is that strcpy_s is non-standard and MS specific... and therefore if you write code to use it, your code will not be portable.

What is Strlcpy in C?

Usage. strlcpy() takes the full size of the buffer, not only the length, and terminates the result with NUL as long as is greater than 0. Include a byte for the NUL in your value. size size. The strlcpy() function returns the total length of the string that would have been copied if there was unlimited space.

2 Answers

Try with the Safe C library. It's under the MIT license and according to this list implements the functions you're looking for:

The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming

like image 132
Óscar López Avatar answered Sep 29 '22 10:09

Óscar López

You can use memcpy and memset etc, which are portable and safer than string functions.

like image 31
P.P Avatar answered Sep 29 '22 10:09

P.P
Sign in to Comment

Related questions

How to safely convert/copy volatile variable?
How hard is it (really) to decompile assembly code? [closed]
Order of defining types
signed as default in C
Difference between ADT and Classes?
Is there an optimal byte size for sending data over a network?
How do I unroll (compile) an interpreter loop?
Good patterns for a C/C++ plugin-based system?
Representing dynamic typing in C
How to make YY_INPUT point to a string rather than stdin in Lex & Yacc (Solaris)
Is fwrite atomic?
How are delegates in C# better than function pointers in C/C++?
Project Euler Question 14 (Collatz Problem)
Can we optimize code to reduce power consumption?
Programming novice: How to program my own data compression algorithm?
Understanding OpenGL
Do I have to free an array inside a struct?
C macro to create a bit mask -- possible? And have I found a GCC bug?
What is the difference between MAP_SHARED and MAP_PRIVATE in the mmap function?
How can I store a function pointer in a structure?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!