...

The managed string library also provides a mechanism for dealing with data sanitization by (optionally) checking that all characters in a string belong to a predefined set of "safe" characters.
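As an added illustration (not code from the CERT managed string library or from this page), the plain C below shows the idea behind that optional check: an allowlist lookup over the bytes of a string, and a copy that fails closed when a byte is outside the set or the destination is too small. The character set and sample inputs are constructed for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlist for the example: letters, digits and space only. */
static const char SAFE_ALNUM_SPACE[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 ";

/* Return 0 if every byte of s is in charset, otherwise the 1-based
 * position of the first byte that is not. Bytes are indexed as unsigned
 * char so that values >= 0x80 cannot become negative array indices on
 * platforms where plain char is signed. */
size_t first_unsafe(const char *s, const char *charset) {
    unsigned char allowed[UCHAR_MAX + 1] = {0};
    for (const unsigned char *p = (const unsigned char *)charset; *p; ++p)
        allowed[*p] = 1;
    for (size_t i = 0; s[i] != '\0'; ++i)
        if (!allowed[(unsigned char)s[i]])
            return i + 1;
    return 0;
}

/* Copy src into dst (capacity dstsize) only if it fits including its
 * null terminator and passes the charset check; on any failure dst is
 * left as an empty string. Returns 0, ERANGE (does not fit) or EINVAL
 * (byte outside the set), mirroring the errno_t-style results a managed
 * string call would report instead of silently overflowing. */
int copy_sanitized(char *dst, size_t dstsize,
                   const char *src, const char *charset) {
    if (dst == NULL || dstsize == 0) return ERANGE;
    dst[0] = '\0';
    size_t n = strlen(src);
    if (n >= dstsize) return ERANGE;
    if (first_unsafe(src, charset) != 0) return EINVAL;
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void) {
    /* Constructed inputs: one clean, one with punctuation, one with a
     * multibyte (UTF-8) sequence whose bytes are >= 0x80. */
    const char *inputs[] = { "hello world", "hello, world", "caf\xc3\xa9" };
    char buf[16];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; ++i) {
        int rc = copy_sanitized(buf, sizeof buf, inputs[i], SAFE_ALNUM_SPACE);
        if (rc == 0)
            printf("accepted: (%s)\n", buf);
        else
            printf("rejected: rc=%d, first offending byte at %zu\n",
                   rc, first_unsafe(inputs[i], SAFE_ALNUM_SPACE));
    }
    return 0;
}
```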

The following code illustrates how the managed string library can be used to create a managed string and retrieve a null-terminated byte string from the managed string.

...

Note that the calls to fprintf() and printf() are C99 [ISO/IEC 9899-1999] standard functions and not managed string functions.

Risk Assessment

String handling functions defined in C99 [ISO/IEC 9899-1999] Section 7.21 and elsewhere are susceptible to common programming errors that can lead to serious, exploitable vulnerabilities. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.

...