Question

I have an old project that is mixed C and C++. It makes extensive use of C strings and of strcpy, strcat, strncpy, strncat, etc. I've uncovered a number of buffer overflows, and I'd like to use more secure functions, such as strcpy_s. MSVC includes those functions, but I need something that will work on various platforms - Linux, OS X, and Windows at the least.

I do know of strlcpy, but as plenty of people have noted (example), it really isn't an improvement.


So: Are there any free implementations of strcpy_s, strcat_s, etc, or of the entire TR24731-1?

I need something that's either public domain or BSD, but if you know of implementations under other licenses, go ahead and list them - I'm sure someone else will benefit.

Solution

Try with the Safe C library. It's under the MIT license and according to this list implements the functions you're looking for:

The Safe C Library provides bound checking memory and string functions per ISO/IEC TR24731. These functions are alternative functions to the existing standard C library that promote safer, more secure programming.

Other tips

You can use memcpy and memset etc, which are portable and safer than string functions.

Why not use strncpy and strncat? Contrary to strlcpy and strlcat, they are standard C functions. These functions are not perfect but you can use them safely.

And also note that the bounds-checking _s functions are optional in the current Standard.
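
The two pitfalls behind "not perfect but you can use them safely" in the strncpy/strncat tip above, shown as an added example (not code from the question, the answers, or the Safe C library). `copy_bounded` and `append_bounded` are hypothetical helper names, and `src` is assumed to be NUL-terminated.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, added for illustration. src must be NUL-terminated. */

/* Copy src into dst[dstsz]; always terminates. 0 = ok, -1 = truncated/bad args. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0 || src == NULL)
        return -1;
    /* strncpy leaves dst unterminated when strlen(src) >= count, so copy
       at most dstsz - 1 bytes and write the terminator ourselves. */
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
    return strlen(src) >= dstsz ? -1 : 0;
}

/* Append src to dst[dstsz]; 0 = ok, -1 = truncated/bad args. */
int append_bounded(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0 || src == NULL)
        return -1;
    /* memchr, not strlen: never read past dstsz looking for the terminator. */
    const char *end = memchr(dst, '\0', dstsz);
    if (end == NULL)
        return -1;                      /* dst is not a valid string */
    size_t room = dstsz - (size_t)(end - dst) - 1;
    /* strncat's count is the maximum number of characters to append (it
       adds the terminator on top), NOT the size of the destination. */
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

int main(void)
{
    char path[16];                      /* constructed sample buffer */
    int rc = copy_bounded(path, sizeof path, "/var/log/");
    printf("%d \"%s\"\n", rc, path);
    rc = append_bounded(path, sizeof path, "app.log");
    printf("%d \"%s\"\n", rc, path);    /* does not fit: truncated, rc = -1 */
    return 0;
}
```

Both helpers report truncation through the return value, so callers can treat a cut-off string as an error instead of silently using it.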

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow