A C Library of buffer and string manipulation routines that help protect against buffer overflows
The Secure Development Lifecycle (SDL) recommends banning certain C Library functions because they directly contribute to security vulnerabilities such as buffer overflows. However routines for the manipulation of strings and memory buffers are common in software and firmware, and are essential to accomplish certain programming tasks. Safer replacements for these functions that avoid or prevent serious security vulnerabilities (e.g. buffer overflows, string format attacks, conversion overflows/underflows, etc.) are available in the SafeString Library. This library includes routines for safe string operations (like strcpy) and memory routines (like memcpy) that are recommended for Linux/Android operating systems, and will also work for Windows. This library is especially useful for cross-platform situations where one library for these routines is preferred. The Safe String Library is based on the Safe C Library by Cisco, and includes replacement C Library functions for the SDL banned functions, as well as a number of additional useful routines that are also susceptible to buffer overflows. The Safe String Library was extended by Intel's Security Center of Excellence (SeCoE) to add additional routines. This list is moderated by developers actively working on the Safe String Library, and handles questions regarding the use, recommended enhancements, and defects found in the Safe String Library.
To contact the list owners, use the following email address: firstname.lastname@example.org
To see the prior postings to this list, visit the archives.
To subscribe or unsubscribe from this list, please log in first. If you have not previously logged in, you may need to set up an account with the appropriate email address.
You can also subscribe without creating an account. If you wish to do so, please use the form below.