strsafe.h

strsafe.h is a non-standard C header file provided with the Windows SDK starting with Windows XP Service Pack 2{{Cite web |title=About Strsafe.h (Windows) | date=20 June 2022 |url=https://msdn.microsoft.com/en-us/library/windows/desktop/ms647466(v=vs.85).aspx}} that provides safer buffer handling than that which is provided by the standard C string functions, which are widely known to have security issues involving buffer overruns when not used correctly.

Description

The functions included in strsafe.h replace standard C string handling and I/O functions including printf, strlen, strcpy and strcat.{{Cite book |last1=Richter | first1=Jeffrey |last2=Nasarre |first2=Christophe |title=Windows via C/C++ Fifth Edition |publisher=Microsoft Press |pages=11–32 |isbn=9780735663770}} The strsafe functions require the length of the string in either characters or bytes as a parameter and if an operation would exceed the length of the destination buffer, the operation fails and the string is still terminated with a null in its final valid index so that using it in other library functions will not result in undefined behavior. Independent security researchers have noted that security issues are still possible with the functions from strsafe.h if they are not passed the correct buffer length.{{Cite book |last1=Daswani |first1=Neil |last2=Kern |first2=Christopher |last3=Kesavan |first3=Anita |title=Foundations of Security: What Every Programmer Needs To Know |page=121 |publisher=Apress Media LLC |isbn=9781590597842}} The use of this library is recommended by the United States Department of Homeland Security.{{Cite web |title=Strsafe.h {{!}} Build Security In |url=https://buildsecurityin.us-cert.gov/articles/knowledge/coding-practices/strsafeh |author=Plakosh, Daniel}}

References

External links

[https://msdn.microsoft.com/en-us/library/windows/desktop/ms647466(v=vs.85).aspx StrSafe.h documentation on MSDN]

Category:Microsoft application programming interfaces

Category:C (programming language)