Revision as of 10:07, 20 July 2005 edit 24.13.21.190 (talk) Added the part about how gets() is OK if you check strlen() ← Previous edit		Revision as of 18:49, 20 July 2005 edit undo Project2501a (talk \| contribs) Extended confirmed users 3,131 edits +copyedit Next edit →
Line 8: <!-- Please expand this article. These random notes should be changed to a more coherent article. --> * One of the most common problems is unchecked use of constant-size structures and functions for dynamic-size data (the [[buffer overflow]] problem). This is especially common for [[string]] data in [[C programming language\|C]]. C library functions like <tt>gets</tt> should never be used since the maximum size of the input buffer is not passed as an argument. ~~(Actually,~~ <tt>gets()</tt> can be made safe, inprovided ~~certain~~the ~~situations,~~programmer checks to make sure ~~such~~that ashe ~~where~~knows the size of the source string ~~was~~by ~~verified by~~calling <tt>strlen()</tt> or a similar function before ~~the call to~~calling <tt>gets</tt>.) C library functions like <tt>scanf</tt> can be used safely, but require the programmer to take care with the selection of safe format strings, by sanitising it before using it. * Never make code more complex than necessary. Complexity breeds bugs, including security problems. * Either leave the code available to everyone on the Net (see [[Free software]] or [[Open Source Definition]]) or hire someone who will perform a software [[security audit]].

Defensive programming: Difference between revisions