The managed string library described in \[[Burch 06|AA. C References#Burch06]\] was developed in response to the need for a string library that could improve the quality and security of newly developed C language programs while eliminating obstacles to widespread adoption and possible standardization. |
The managed string library is based on a dynamic approach in which memory is allocated and reallocated as required. This approach eliminates the possibility of unbounded copies, NULL-termination errors, and truncation by ensuring there is always adequate space available for the resulting string (including the terminating NULL character).
A runtime-constraint violation occurs when memory cannot be allocated. In this way, the managed string library accomplishes the goal of succeeding or failing in a pronounced manner.
The managed string library also provides a mechanism for dealing with data sanitization by (optionally) checking that all characters in a string belong to a predefined set of "safe" characters.
The following code illustrates how the managed string library can be used to create a managed string and retrieve a NULL-terminated byte string from the managed string.
errno_t retValue;
char *cstr; /* pointer to NULL-terminated byte string */
string_m str1 = NULL;
retValue = strcreate_m(&str1, "hello, world", 0, NULL);
if (retValue != 0)) {
fprintf(stderr, "Error %d from strcreate_m.\n", retValue);
}
else { /* retrieve NULL-terminated byte string and print */
retValue = getstr_m(&cstr, str1);
if (retValue != 0) {
fprintf(stderr, "error %d from getstr_m.\n", retValue);
}
printf("(%s)\n", cstr);
free(cstr); /* free NULL-terminated byte string */
cstr = NULL;
}
|
Note that the calls to {{fprintf()}} and {{printf()}} are C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] standard functions and not managed string functions. |
The forthcoming technical report ISO/IEC TR 24731 Part II will also provide an API that dynamically allocates the results of string functions as needed.
String handling functions defined in C99 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21 and elsewhere are susceptible to common programming errors that can lead to serious, exploitable [vulnerabilities|BB. Definitions#vulnerability]. Managed strings, when used properly, can eliminate many of these errors, particularly in new development. |
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
STR01-A |
high |
probable |
high |
P6 |
L2 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[Burch 06|AA. C References#Burch06]\] \[[CERT 06c|AA. C References#CERT 06c]\] \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.21, "String handling <string.h>" \[[Seacord 05a|AA. C References#Seacord 05a]\] Chapter 2, "Strings" |
STR07-A. Use TR 24731 for remediation of existing string manipulation code 07. Characters and Strings (STR)