In this lesson, we studied different functions that can be used to manipulate strings in C programming languages. The most commonly used functions are strlen(), strcmp() and strcpy().
C Standard library functions or simply C Library functions are inbuilt functions in C programming. The prototype and data definitions of these functions are present in their respective header files. To use these functions we need to include the header file in our program.
Because the GNU C Library which you are familiar with is implemented for user mode, not kernel mode. The kernel cannot access a userspace API (which might invoke a syscall to the Linux kernel).
What C standard library functions are used inappropriately/in ways that may cause/lead to security problems/code defects/inefficiencies ?
I'm gonna go with the obvious :
char *gets(char *s);
With its remarkable particularity that it's simply impossible to use it appropriately.
A common pitfall with the strtok()
function is to assume that the parsed string is left unchanged, while it actually replaces the separator character with '\0'
.
Also, strtok()
is used by making subsequent calls to it, until the entire string is tokenized. Some library implementations store strtok()
's internal status in a global variable, which may induce some nasty suprises, if strtok()
is called from multiple threads at the same time.
The CERT C Secure Coding Standard lists many of these pitfalls you asked about.
In almost all cases, atoi()
should not be used (this also applies to atof()
, atol()
and atoll()
).
This is because these functions do not detect out-of-range errors at all - the standard simply says "If the value of the result cannot be represented, the behavior is undefined.". So the only time they can be safely used is if you can prove that the input will certainly be within range (for example, if you pass a string of length 4 or less to atoi()
, it cannot be out of range).
Instead, use one of the strtol()
family of functions.
Let us extend the question to interfaces in a broader sense.
errno
:
technically it is not even clear what it is, a variable, a macro, an implicit function call? In practice on modern systems it is mostly a macro that transforms into a function call to have a thread specific error state. It is evil:
The forthcoming standard gets the definition of errno
a bit more straight, but these uglinesses remain
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With