TY - BOOK
T1 - Specifications for Managed Strings, Second Edition
AU - Burch, Hal
AU - Long, Fred
AU - Rungta, Raunak
AU - Seacord, Robert
AU - Svoboda, David
PY - 2010/5/1
Y1 - 2010/5/1
N2 - This report describes a managed string library for the C programming language. Many software vulnerabilities in C programs result from the misuse of manipulation functions for standard C strings. Programming errors common to string-manipulation logic include buffer overflow, truncation errors, string termination errors, and improper data sanitization. The managed string library provides mechanisms to eliminate or mitigate these problems and improve system security. The CERT Program, which is part of the Carnegie Mellon Software Engineering Institute, provides a proof-of-concept implementation of the managed string library on its Secure Coding web pages.
AB - This report describes a managed string library for the C programming language. Many software vulnerabilities in C programs result from the misuse of manipulation functions for standard C strings. Programming errors common to string-manipulation logic include buffer overflow, truncation errors, string termination errors, and improper data sanitization. The managed string library provides mechanisms to eliminate or mitigate these problems and improve system security. The CERT Program, which is part of the Carnegie Mellon Software Engineering Institute, provides a proof-of-concept implementation of the managed string library on its Secure Coding web pages.
KW - Software Engineering
KW - Technical Report
U2 - 10.1184/R1/6584285.v1
DO - 10.1184/R1/6584285.v1
M3 - Technical Report
BT - Specifications for Managed Strings, Second Edition
ER -