Secure C Library

Go Up to C Run-Time Library Reference

The foremost reason why Secure C Library came into existence was the need for bounds checking for string handling functions in the C Library. There are many functions in the C Library that expect the caller to supply string parameters long enough to hold the result of the operations. When a larger string is written "over" a smaller string, in fact data is written past the end, overwriting other program data. This can lead to "mysterious" failures, as the program has no means of knowing if or when something went wrong.

A typical solution was to try to use strings that were "big enough" but this could lead to two problems: either the result was a waste of space, or the user's "big enough" was not big enough in practice. In addition, buffer overflows can be exploited in order to run harmful code, compromising the security of operating systems and networks.

For many C Run-time Library functions, the Secure C Library introduces extra parameters that are used for bounds checking of character arrays, and data is never written past the end of an array. Besides that, it introduces run-time constraints and the means for the user to set his own run-time violation handling functions. Doing so, the program can know when and where something goes wrong with a character array and can fix the error, or fail gracefully.

The style of programming that Secure C Library promotes leads to safer and less bug-filled code.

Example

int main(){ 
    char corpName[10];
    printf ("Enter your corporation name:  ");
    gets(name);
    printf ("Your corporation name is: %s", corpName);
    return 0;
}

If the client inputs a name greater than 9 characters, then stack and data corruption can occur. Changing gets(name); to gets_s(name,10) removes these problems, as no matter how many characters the user inputs, only the first 9 characters are stored in the corpName character array.

stdio.h

Input/output Routines

• tmpfile_s
• tmpnam_s

File access functions

• fopen_s
• freopen_s

Formatted input/output functions

• fprintf_s, fwprintf_s
• fscanf_s, fwscanf_s
• printf_s, wprintf_s
• scanf_s, wscanf_s
• snprintf_s, snwprintf_s
• sprintf_s, swprintf_s
• sscanf_s, swscanf_s
• vfprintf_s, vfwprintf_s
• vfscanf_s, vfwscanf_s
• vprintf_s, vwprintf_s
• vscanf_s, vwscanf_s
• vsnprintf_s, vsnwprintf_s
• vsprintf_s, vswprintf_s
• vsscanf_s, vswscanf_s

Character input/output functions

• gets_s

stdlib.h

Runtime-constraint handling

• set_constraint_handler_s
• abort_handler_s
• ignore_handler_s

Communication with the environment

• getenv_s, wgetenv_s

Searching and sorting utilities

• bsearch_s
• qsort_s

string.h

Copying functions

• memcpy_s
• memmove_s
• strcpy_s, wcscpy_s
• strncpy_s, wcsncpy_s

Concatenation functions

• strcat_s, wcscat_s
• strncat_s, wcsncat_s

Search functions

• strtok_s, wcstok_s

Miscellaneous functions

• strerror_s, _wcserror_s
• strerrorlen_s

time.h

Time conversion functions

• asctime_s, wasctime_s
• ctime_s, wctime_s
• gmtime_s
• localtime_s