...
The managed string library also provides a mechanism for dealing with data sanitization by (optionally) checking that all characters in a string belong to a predefined set of safe characters.
...
| Code Block |
|---|
errno_t retValue; char *cstr; /* pointerPointer to null-terminated byte string */ string_mx *str1 = NULL; retValue = strcreate_m(&str1, "hello, world", 0, NULL); if (retValue != 0) { fprintf(stderr, "Error %d from strcreate_m.\n", retValue); } else { /* retrieveRetrieve null-terminated byte string and print */ retValue = getstr_m(&cstr, str1); if (retValue != 0) { fprintf(stderr, "error %d from getstr_m.\n", retValue); } printf("(%s)\n", cstr); free(cstr); /* freeFree null-terminated byte string */ cstr = NULL; } |
Note that the calls to fprintf() and printf() are C Standard functions [ISO/IEC 9899:2011] functions and not managed string functions.
...
String-handling functions defined in the C Standard, Section subclause 7.24 [ISO/IEC 9899:2011], and elsewhere are susceptible to common programming errors that can lead to serious, exploitable vulnerabilities. Managed strings, when used properly, can eliminate many of these errors, particularly in new development.
...