

Improving Security in the Latest C Programming Language Standard - m0nastic
http://blog.sei.cmu.edu/post.cfm/improving-security-in-the-latest-c-programming-language-standard-1?wt.ac=hpBlog

======
revelation
The _s family of functions is what MSVC has been forcing upon people by
claiming all other functions deprecated.

So now the standard is lending nomenclatura and possibly implementation from
the company that stoically refuses to implement C99.

~~~
batista
Yes, I can see how using more secure functions is a step backwards, because
some company not involved in the standard has also used functions by that
name...

------
kmm
Using _strncpy_ is not a remedy at all. The function was never designed for
safe string copying, but for copying fixed-width inode names[1]. The fact that
it protects against buffer overflows is pure coincidence.

[1]: <http://stackoverflow.com/a/1454071>

------
comex
The only difference between strcpy_s and strlcpy, other than taking arguments
in a different order and being more annoying to type, is that if an overflow
would occur, it sets destination[0] to 0 rather than truncating. This is
probably an improvement, since truncation can cause security problems if
you're building filenames and such (though, should you fail the test
accidentally, I suspect it's much harder to track down why a string somewhere
in your app became empty than why it was truncated)... but is it really worth
switching to yet another string copy function?

(well, from a BSD perspective. Apparently strcpy_s has been around on Windows
since Windows 95.)
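The three behaviours discussed in this thread (kmm's point about strncpy, and comex's comparison of strlcpy truncation with strcpy_s emptying the destination), as an added C example that is not part of any comment here; model_strlcpy and model_strcpy_s are simplified stand-ins written for this example, not the BSD or Annex K implementations, and the 16-byte buffer and the paths fed to it are constructed inputs.

```c
#include <string.h>

/* Minimal models of the two functions the thread compares (assumption: written
 * for this example, not the BSD or Annex K implementations). Both stop at
 * dest[dsz-1]; they differ in what dest holds when src does not fit. */

/* strlcpy-style: copy what fits, always NUL-terminate, return strlen(src),
 * so the caller can detect truncation only by checking return >= dsz. */
size_t model_strlcpy(char *dest, const char *src, size_t dsz)
{
    size_t n = strlen(src);
    if (dsz > 0) {
        size_t c = n < dsz - 1 ? n : dsz - 1;
        memcpy(dest, src, c);
        dest[c] = '\0';
    }
    return n;
}

/* strcpy_s-style: if src does not fit, leave dest as "" and return nonzero
 * (the Annex K constraint-handler call is omitted). */
int model_strcpy_s(char *dest, size_t dsz, const char *src)
{
    if (dest == NULL || dsz == 0)
        return 1;
    if (src == NULL || strlen(src) >= dsz) {
        dest[0] = '\0';
        return 1;
    }
    memcpy(dest, src, strlen(src) + 1);
    return 0;
}

enum { DSZ = 16 };
/* Copy src into three DSZ-byte buffers and return a bitmask of outcomes:
 * 1 = strncpy left no NUL in the buffer, 2 = strlcpy produced a silently
 * shortened string, 4 = strcpy_s rejected the copy and emptied dest. */
int copy_outcomes(const char *src)
{
    char a[DSZ], b[DSZ], c[DSZ];
    int flags = 0;
    strncpy(a, src, DSZ);                 /* no terminator if src >= DSZ chars */
    if (memchr(a, '\0', DSZ) == NULL)
        flags |= 1;
    if (model_strlcpy(b, src, DSZ) >= DSZ && strlen(b) == DSZ - 1)
        flags |= 2;                       /* b is a valid but truncated path */
    if (model_strcpy_s(c, DSZ, src) != 0 && c[0] == '\0')
        flags |= 4;                       /* c is "", failure reported */
    return flags;
}
```

A result of 7 means all three copy functions behaved differently on the same oversized input: strncpy left an unterminated buffer, strlcpy quietly produced a shorter path, and strcpy_s refused and returned an error.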

~~~
yuhong
Nope, it is a CRT function introduced in VC8.

~~~
comex
edit: never mind, I get it. It's compatible with programs targeting Windows
95, since it's a crt function, but not Windows 95 headers. I was confused by
[http://msdn.microsoft.com/en-us/library/td1esda9(v=vs.80).as...](http://msdn.microsoft.com/en-us/library/td1esda9\(v=vs.80\).aspx)

------
mjcohenw
For years, I have been saying "In C, an array is a pointer, an offset, and a
prayer."

Looks like I might have to change this.

------
TwoBit
The author/site mentions that in practice snprintf isn't portable on Unix
platforms because a number of implementations of it are botched. I have to say
that one of the best things we did was implement our own conforming
printf/scanf family of functions. They act the same everywhere, which isn't
possible even with the existing conforming C library implementations, as the
Standard is not precise about the specification.

------
reirob
Does anybody know when GCC will support which features of C11?

~~~
m0nastic
From the GCC 4.6 Release notes‡,

4.6 already supports:

      Static assertions
      Typedef redefinition
      New macros in <float.h>
      Anonymous structures and unions

4.7 supports:

      Unicode strings
      the predefined macros __STDC_UTF_16__ and __STDC_UTF_32__
      Nonreturning functions
      Alignment support
      A built-in function __builtin_complex is provided to support C library implementation of the CMPLX family of macros.

I haven't found any good sources for what is to be included in 4.8.

‡ <http://gcc.gnu.org/gcc-4.6/changes.html#c>
‡ <http://gcc.gnu.org/gcc-4.7/changes.html>

