strsafe.h

Article snapshot taken from [REDACTED] with Creative Commons Attribution-ShareAlike license.

strsafe.h is a non-standard C header file provided with the Windows SDK starting with Windows XP Service Pack 2. It provides safer buffer handling than the standard C string functions, which are widely known to have security issues involving buffer overruns when not used correctly.

Description

The functions included in strsafe.h replace standard C string handling and I/O functions including printf, strlen, strcpy and strcat. The strsafe functions require the length of the string in either characters or bytes as a parameter. If an operation would exceed the length of the destination buffer, the operation fails, and the string is still terminated with a null in its final valid index so that using it in other library functions will not result in undefined behavior. Independent security researchers have noted that security issues are still possible with the functions from strsafe.h if they are not passed the correct buffer length. The use of this library is recommended by the United States Department of Homeland Security.
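
The contract described above, and the caveat about passing the wrong buffer length, shown as an added example that is not part of the original article and is not Microsoft's code. Because strsafe.h ships only with the Windows SDK, the example models the behaviour in standard C; `model_cch_copy`, the `MODEL_*` codes and the sample strings are hypothetical names and constructed inputs.

```c
#include <stdio.h>
#include <string.h>

/* Added example: portable model of the contract, NOT the strsafe.h source.
 * model_cch_copy and the MODEL_* codes are hypothetical names. */
enum { MODEL_OK = 0, MODEL_TRUNCATED = -1, MODEL_BAD_PARAM = -2 };

/* Copy src into dst, which the caller says holds cch_dst characters. */
static int model_cch_copy(char *dst, size_t cch_dst, const char *src)
{
    size_t i = 0;
    if (dst == NULL || src == NULL || cch_dst == 0)
        return MODEL_BAD_PARAM;
    while (i < cch_dst - 1 && src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';                       /* always terminated inside cch_dst */
    return src[i] == '\0' ? MODEL_OK : MODEL_TRUNCATED;
}

/* Correct size: over-long input is reported and dst stays a valid string. */
static int truncation_is_reported(void)
{
    char dst[8];
    int rc = model_cch_copy(dst, sizeof dst, "AAAAAAAAAAAAAAAA"); /* constructed input */
    return rc == MODEL_TRUNCATED && strlen(dst) == 7;
}

/* Wrong size: caller claims 16 characters for an 8-character field. Both
 * halves live in one 16-byte array so the overrun stays defined behaviour. */
static int wrong_size_clobbers_neighbor(void)
{
    char arena[16] = {0};
    char *field = arena, *neighbor = arena + 8;
    int rc;
    memcpy(neighbor, "SENTRY", 7);
    rc = model_cch_copy(field, sizeof arena, "AAAAAAAAAAAA");    /* 12 chars */
    return rc == MODEL_OK && memcmp(neighbor, "SENTRY", 7) != 0;
}

int main(void)
{
    printf("truncation reported: %d\n", truncation_is_reported());
    printf("neighbor clobbered with wrong size: %d\n", wrong_size_clobbers_neighbor());
    return 0;
}
```

In the second case the call reports success, so checking the return value alone does not catch a size argument that overstates the destination; deriving the count from the destination array itself (for example with `sizeof`) is what keeps the bound honest.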

