Which of the following built-in C/C++ functions you should avoid to prevent your program from buffer overflow attacks?

Which of the following built-in C/C++ functions you should avoid to prevent your program from buffer overflow attacks?

Which of the following built-in C/C++ functions you should avoid to prevent your program from buffer overflow attacks?

A.
strcpy()

B.
strcat()

C.
streadd()

D.
strscock()

Explanation:
When hunting buffer overflows, the first thing to look for is functions which write into arrays without any way to know the amount of space available. If you get to define the function, you can pass a length parameter in, or ensure that every array you ever pass to it is at least as big as the hard-coded maximum amount it will write. If you’re using a function someone else (like, say, the compiler vendor) has provided then avoiding functions like gets(), which take some amount of data over which you have no control and stuff it into arrays they can never know the size of, is a good start. Make sure that functions like the str…() family which expect NUL-terminated strings actually get them – store a ” in the last element of each array involved just before you call the function, if necessary. Strscock() is not a valid C/C++ function.



Leave a Reply 0

Your email address will not be published. Required fields are marked *