
Basic security mistakes to avoid in C [closed]

Developer https://www.devze.com 2023-03-11 13:05 Source: Internet
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 11 years ago.

As a beginner to C, I want to know what the basic security tips are that every C programmer should be familiar with. Strictly referring to C.


I think that the main problem is buffer overflow. It may happen when using functions like fgets or scanf without specifying the max number of bytes to read. A malicious input string larger than the allocated buffer may overwrite the return address on the stack, causing the execution of the supplied exploit.


The topic is quite large, but as a start, you may want to avoid segmentation faults and buffer overflows.


The most obvious one: buffer overruns. Use strncpy instead of strcpy.
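An added example, not part of any answer on this page: bounded line input and bounded string copy in C, both reporting truncation instead of silently overrunning or cutting the data. The helper names `copy_bounded` and `read_line` are hypothetical, and the sample input in `main` is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity dst_size bytes) and always NUL-terminate.
 * strncpy alone leaves dst unterminated when strlen(src) >= the count.
 * Returns 0 if src fit, -1 if it was truncated or the arguments are bad. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size ? 0 : -1;
}

/* Read one line from fp into buf (capacity size bytes), newline removed.
 * Returns 0 for a complete line, 1 if the line exceeded the buffer (the
 * excess is discarded), -1 on EOF, read error or bad arguments. */
int read_line(FILE *fp, char *buf, size_t size)
{
    if (fp == NULL || buf == NULL || size < 2 || size > (size_t)INT_MAX)
        return -1;
    if (fgets(buf, (int)size, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c, dropped = 0;            /* drain the rest of an over-long line */
    while ((c = getc(fp)) != EOF && c != '\n')
        dropped = 1;
    return dropped;
}

int main(void)
{
    char name[8];
    FILE *fp = tmpfile();          /* constructed sample input */
    if (fp == NULL) return 1;
    fputs("alice\nAAAAAAAAAAAAAAAAAAAAAAAA\nbob\n", fp);
    rewind(fp);
    for (int rc; (rc = read_line(fp, name, sizeof name)) >= 0; )
        printf("%-8s%s\n", name, rc ? " (too long, rejected)" : "");
    fclose(fp);
    return 0;
}
```

Callers should treat a nonzero return as a rejected input rather than continue with the truncated buffer.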
