Compartilhar via


List of useful security libraries

I was asked last week for a list of "drop-in-and-more-secure" replacements, created at Microsoft, for C/C++ functions and constructs.

So here's a list:

IntSafe (C safe integer arith library)

SafeInt (C++ safe integer arith template class)

Secure CRT (C runtime replacements for strcpy, strncpy etc etc)

StrSafe (C runtime replacements for strcpy, strncpy etc etc)

Comments

  • Anonymous
    February 27, 2006
    PingBack from http://kernelmustard.com/2006/02/27/more-security-libraries/
  • Anonymous
    February 27, 2006
    That SafeInt class template (not template class) has got to be the worst bit of C++ I've seen in a while. Didn't that guy read Effective C++ or myriad other things? There's got to be something unsafe about bypassing the short-circuit evaluation for logical operators. The author doesn't justify his suspect choices, so I'll assume he doesn't know what he's doing.
  • Anonymous
    March 27, 2006
    BTW, Michael should have posted the link to the 2.0 version of the class, which is a fair bit cleaner, and is also posted on MSDN.

    There is something unsafe about bypassing short-circuit evaluation for logical operators. But if you're going to pass a SafeInt to something that needs a bool, you're going to end up with this. It is one of the design trade-offs, and this one was considered very early on. The only time this will really bite you is in the case of:

    if(func() && func2())

    where is isn't valid to call func2 unless func has succeeded. That's not a typical usage scenario for SafeInt, hence the design decision.

    There's several hundred lines of documentation and comments in the class - perhaps I missed that point.

    Funny you should mention Meyers' books - they're among my favorites, and Scott wrote me to let me know he really liked this class. If you take a look in the comments, you'll see where I made changes based on his input.
  • Anonymous
    March 27, 2006
    The newer version of SafeInt (2.0), and the associated article is at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure05052005.asp, and a direct link to the code is http://msdn.microsoft.com/library/en-us/dncode/html/secure05052005_sample.txt

    BTW, an easy work-around to ensure short circuiting works as you want is to write clean code like so:

    Instead of:

    if(SafeInt<int>(x) && SomeFunc())

    write:

    if(SafeInt<int>(x) != 0 && SomeFunc())

    This is nicer, more readable code, and the != operator does return a bool, this the && operator then works exactly as you expect. Another work-around would be to do this:

    if((bool)SafeInt<int>(x) && SomeFunc())

    My personal opinion is that if you write code that depends on short-circuiting to work correctly without side-effects, you'll find that others will have a hard time maintaining your code.

    YMMV.
  • Anonymous
    June 12, 2006
    A couple of people have asked about the relationship between /GS, SAL and ASLR in Windows Vista. Here’s...
  • Anonymous
    July 03, 2006
    PingBack from http://soci.hu/blog/index.php/2006/07/03/az-elmult-het-tanulsagai/
  • Anonymous
    April 02, 2008
    PingBack from http://manuel91.wordpress.com/2008/04/02/librerie-sicure-per-c-e-c/