Ruby Buzz Forum - Security enhancements in the CRT

Articles |
News |
Weblogs |
Books |
Forums

Artima Forums | Articles | Weblogs | Java Answers | News

Sponsored Link •

Ruby Buzz Forum
Security enhancements in the CRT

0 replies on 1 page.

Welcome Guest
Sign In

Back to Topic List

Reply to this Topic

Search Forum

Threaded View


Previous Topic		Next Topic

Flat View: This topic has 0 replies on 1 page

Daniel Berger

Posts: 1383
Nickname: djberg96
Registered: Sep, 2004

Daniel Berger is a Ruby Programmer who also dabbles in C and Perl

Security enhancements in the CRT

Posted: Jan 7, 2007 8:22 PM

This post originated from an RSS feed registered with Ruby Buzz by Daniel Berger.
Original Post: Security enhancements in the CRT Feed Title: Testing 1,2,3... Feed URL: http://djberg96.livejournal.com/data/rss Feed Description: A blog on Ruby and other stuff.	Latest Ruby Buzz Posts Latest Ruby Buzz Posts by Daniel Berger Latest Posts From Testing 1,2,3...

It appears that Microsoft's VC++ 8 adds some handy functions to the CRT. Namely, it provides safe versions of standard CRT functions, such as strcpy().

The MSDN docs sum it up nicely:

For example, the strcpy function has no way of telling if the string that it is copying is too big for its destination buffer. However, its secure counterpart, strcpy_s, takes the size of the buffer as a parameter, so it can determine if a buffer overrun will occur. If you use strcpy_s to copy eleven characters into a ten-character buffer, that is an error on your part; strcpy_s cannot correct your mistake, but it can detect your error and inform you by invoking the invalid parameter handler.

So, now you can do stuff like this without having to add extra security code:

if(strcpy_s(path, MAX_PATH, RSTRING(v_path)->ptr))
      rb_sys_fail("strcpy_s()");

That will raise an Errno::ERANGE error if v_path is longer than MAX_PATH.

Handy.

Read: Security enhancements in the CRT

Previous Topic

Next Topic


	Web Artima.com