The managed string library described in \[[Burch 06|AA. C References#Burch06]\] was developed in response to the need for a string library that could improve the quality and security of newly developed C language programs while eliminating obstacles to widespread adoption and possible standardization.

The managed string library is based on a dynamic approach in which memory is allocated and reallocated as required. This approach eliminates the possibility of unbounded copies, null-termination errors, and truncation by ensuring there is always adequate space available for the resulting string (including the terminating null character).

A runtime-constraint violation occurs when memory cannot be allocated. In this way, the managed string library accomplishes the goal of succeeding or failing in a pronounced manner.

The managed string library also provides a mechanism for dealing with data sanitization by (optionally) checking that all characters in a string belong to a predefined set of "safe" characters.

The following code illustrates how the managed string library can be used to create a managed string and retrieve a null-terminated byte string from the managed string.

Note that the calls to {{fprintf()}} and {{printf()}} are C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] standard functions and not managed string functions.
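As an added example that is not the managed string library's own code: a minimal C model of the approach described above (allocation sized to fit, terminating null always included, an optional "safe" character set, and failure reported through an error code rather than a truncated result). The mstr type and the mstr_* functions are assumed names for illustration, not the library's real API.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified model of the managed string approach: a heap-backed,
 * length-tracked string whose operations always allocate enough room (plus the
 * terminating null) and reject bytes outside an optional "safe" character set. */
typedef struct {
    char *buf;            /* always null-terminated once non-NULL */
    size_t len;           /* bytes before the terminator */
    const char *charset;  /* permitted bytes, or NULL for no restriction */
} mstr;

/* Initialize an empty managed string with an optional safe character set. */
void mstr_init(mstr *m, const char *charset) {
    m->buf = NULL; m->len = 0; m->charset = charset;
}

/* Return 0 if every byte of s is permitted by the charset, EINVAL otherwise. */
int mstr_check(const mstr *m, const char *s) {
    if (m->charset == NULL) return 0;
    return s[strspn(s, m->charset)] == '\0' ? 0 : EINVAL;
}

/* Append a C string, growing the buffer to fit exactly. Fails loudly with an
 * error code (EINVAL: disallowed byte, ENOMEM: allocation failed) and leaves
 * the string unchanged, so there is no truncation and no unbounded copy. */
int mstr_append(mstr *m, const char *s) {
    int err = mstr_check(m, s);
    if (err != 0) return err;
    size_t add = strlen(s);
    char *nb = realloc(m->buf, m->len + add + 1);   /* +1 for the null */
    if (nb == NULL) return ENOMEM;
    memcpy(nb + m->len, s, add + 1);                 /* copies terminator too */
    m->buf = nb; m->len += add;
    return 0;
}

/* Hand out a null-terminated copy the caller owns; NULL only if malloc fails. */
char *mstr_getstr(const mstr *m) {
    char *out = malloc(m->len + 1);
    if (out == NULL) return NULL;
    memcpy(out, m->buf ? m->buf : "", m->len + 1);
    return out;
}

/* Release the backing buffer and return to the empty state. */
void mstr_free(mstr *m) {
    free(m->buf); m->buf = NULL; m->len = 0;
}
```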

The forthcoming technical report ISO/IEC TR 24731 Part II will also provide an API that dynamically allocates the results of string functions as needed.

Risk Assessment

String handling functions defined in C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21 and elsewhere are susceptible to common programming errors that can lead to serious, exploitable [vulnerabilities|BB. Definitions#vulnerability]. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.

|| Recommendation || Severity || Likelihood || Remediation Cost || Priority || Level ||
| STR01-A | low | low | high | P3 | L2 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Burch 06|AA. C References#Burch06]\]
\[[CERT 06c|AA. C References#CERT 06c]\]
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <string.h>"
\[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings"

