Revision as of 18:49, 20 July 2005 edit Project2501a (talk \| contribs) Extended confirmed users 3,131 edits +copyedit ← Previous edit		Revision as of 12:46, 17 August 2005 edit undo Sperling (talk \| contribs) 412 edits gets() doesn't read a "source string" but a file, so you can't check beforehand with strlen() Next edit →
Line 8: <!-- Please expand this article. These random notes should be changed to a more coherent article. --> * One of the most common problems is unchecked use of constant-size structures and functions for dynamic-size data (the [[buffer overflow]] problem). This is especially common for [[string]] data in [[C programming language\|C]]. C library functions like <tt>gets</tt> should never be used since the maximum size of the input buffer is not passed as an argument. <tt>gets()</tt> can be made safe, provided the programmer checks to make sure that he knows the size of the source string by calling <tt>strlen()</tt> or a similar function before calling <tt>gets</tt>.) C library functions like <tt>scanf</tt> can be used safely, but require the programmer to take care with the selection of safe format strings, by sanitising it before using it. * Never make code more complex than necessary. Complexity breeds bugs, including security problems. * Either leave the code available to everyone on the Net (see [[Free software]] or [[Open Source Definition]]) or hire someone who will perform a software [[security audit]].

Defensive programming: Difference between revisions