Difference between revisions of "Strings and Integers"

From OWASP
(New page: Strings are not a defined Type in C or C++ but simply a contiguous array of characters terminated by a null (\0) character The length of the string is the amount of characters which precede...)
 
Line 1: Line 1:
 
Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character
 
Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character
 
The length of the string is the amount of characters which preseed the null character.
 
The length of the string is the amount of characters which preseed the null character.
C++ does contain template classes which address this feature of the programming language: '''std::basic_string''' and '''std::string'''
+
C++ does contain template classes which address this feature of the programming language: '''std::basic_string''' and '''std::string''' These classes address some security issues but not all.
  
 
  '''|W|E|L|C|O|M|E|\0|'''
 
  '''|W|E|L|C|O|M|E|\0|'''
 +
 +
 +
==Common String Errors==
 +
Common string errors can be related to mistakes in implementation which may cause drastic security and availability issues.
 +
C/C++ do not have the comfort other programming languages provide such as Java and C# .NET relating to buffer overflows and such due to a String Type not being defined.
 +
 +
Common issues include:
 +
#Input validation errors
 +
#Unbounded Errors
 +
#Truncation issues
 +
#Out-of-bounds writes
 +
#String Termination Errors
 +
#Off-by-one errors
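
Review bot: the sentence appended to the std::basic_string / std::string line ("These classes address some security issues but not all.") does not say which issues remain, so a reader cannot act on it; name at least one, or point to the section that will cover them. In the new "Common String Errors" list, "Unbounded Errors" is unclear next to "Out-of-bounds writes" and should say what is unbounded. The text carried over unchanged still has "contigous" and "preseed", and the first line has no full stop after "null (\0) character".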

Revision as of 12:56, 6 November 2007

Strings are not a defined type in C or C++ but simply a contiguous array of characters terminated by a null (\0) character. The length of the string is the number of characters that precede the null character. C++ does contain template classes which address this feature of the programming language: std::basic_string and std::string. These classes address some security issues but not all.

|W|E|L|C|O|M|E|\0|


Common String Errors

Common string errors usually stem from implementation mistakes and can cause drastic security and availability issues. Unlike other programming languages such as Java and C# .NET, C and C++ give the programmer no built-in protection against buffer overflows and similar errors, because no string type is defined.

Common issues include:

  1. Input validation errors
  2. Unbounded Errors
  3. Truncation issues
  4. Out-of-bounds writes
  5. String Termination Errors
  6. Off-by-one errors
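
The truncation, string termination and off-by-one errors listed above can all be shown with the 7-character string WELCOME from the diagram, which needs 8 bytes once the \0 is counted. The following C code is an added example, not part of the original page; bounded_copy, is_terminated and strncpy_result_terminated are hypothetical helper names chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst[dst_size], always write the
 * terminating '\0', and report truncation instead of hiding it.
 * Returns 0 on success, -1 on truncation or invalid arguments. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(src);        /* characters preceding the '\0' */
    if (len >= dst_size) {           /* len + 1 bytes needed: off-by-one guard */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';    /* truncated, but still a valid string */
        return -1;
    }
    memcpy(dst, src, len + 1);       /* copy the terminator as well */
    return 0;
}

/* Returns 1 if buf[0..size-1] contains a '\0', i.e. holds a valid C string. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* String termination error: strncpy writes no '\0' when src has
 * dst_size or more characters. Returns 1 if dst ended up terminated. */
int strncpy_result_terminated(char *dst, size_t dst_size, const char *src)
{
    memset(dst, 'X', dst_size);      /* constructed stale, non-zero memory */
    strncpy(dst, src, dst_size);
    return is_terminated(dst, dst_size);
}

int main(void)
{
    char exact[7];                   /* one byte too small for "WELCOME" */
    char fits[8];                    /* 7 characters + '\0' */
    printf("strncpy into 7 bytes terminated: %d\n",
           strncpy_result_terminated(exact, sizeof exact, "WELCOME"));
    printf("bounded_copy into 7 bytes: %d, result \"%s\"\n",
           bounded_copy(exact, sizeof exact, "WELCOME"), exact);
    printf("bounded_copy into 8 bytes: %d, result \"%s\"\n",
           bounded_copy(fits, sizeof fits, "WELCOME"), fits);
    return 0;
}
```

A caller that treats the -1 return as an error handles the truncation case explicitly rather than continuing with a silently shortened string.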