As a beginner to C, i want to know what are the basic security tips every C programmer should be familiar with. Strictly referring to C.
Think that the main problem is buffer overflow. It may happen using function like fgets, or scanf, without specifying the max number of bytes to read. A malicious input string larger than allocated buffer may overrite the return address in the stack causing the execution of the supplied exploit.
The topic is quite large, but as a start, you may want to avoid segmentation faults and buffer overflows.
The most obvious one: buffer overruns. Use strncpy
instead of strcpy
.
精彩评论