Specifications for Managed Strings

Abstract

This report describes a managed string library for the C programming language. Many software vulnerabilities in C programs result from the misuse of standard C string manipulation functions. Programming errors common to string manipulation logic include buffer overflow, truncation errors, string termination errors, and improper data sanitization. The managed string library provides mechanisms to eliminate or mitigate these problems and improve system security. A proof-of-concept implementation of the managed string library is available from the Secure Coding area of the CERT Web site.

Document Details

Document Type
Technical Report
Publication Date
May 01, 2006
Accession Number
ADA449432

Entities

People

  • Fred Long
  • Hal Burch
  • Robert Seacord

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Abstracts
  • C Programming Language
  • Computer Programming
  • Computer Science
  • Conversion
  • Department Of Defense
  • Engineering
  • Governments
  • Guarantees
  • Language
  • Programming Languages
  • Security
  • Software Development
  • Specifications
  • Standards
  • Truncation
  • Websites

Fields of Study

  • Computer science

Readers

  • Aviation Safety Risk Assessment
  • Database Systems and Applications
  • Mathematical Modeling and Probability Theory