Difference between revisions of "Strings and Integers"

From OWASP
Jump to: navigation, search
Line 18: Line 18:
 
#Off-by-one errors`
 
#Off-by-one errors`
  
Some of the issues mentioned above have been covered in the buffer overflow sections previously in this guide.
+
Some of the issues mentioned above have been covered in the "Reviewing code buffer overflows and overruns" section previously in this guide.

Revision as of 13:01, 6 November 2007

Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character The length of the string is the amount of characters which preseed the null character. C++ does contain template classes which address this feature of the programming language: std::basic_string and std::string These classes address some security issues but not all.

|W|E|L|C|O|M|E|\0|


Common String Errors

Common string errors can be related to mistakes in implementation which may cause drastic security and availability issues. C/C++ do not have the comfort other programming languages provide such as Java and C# .NET relating to buffer overflows and such due to a String Type not being defined.

Common issues include:

  1. Input validation errors
  2. Unbounded Errors
  3. Truncation issues
  4. Out-of-bounds writes
  5. String Termination Errors
  6. Off-by-one errors`

Some of the issues mentioned above have been covered in the "Reviewing code buffer overflows and overruns" section previously in this guide.