Difference between revisions of "Strings and Integers"
(New page: Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character The length of the string is the amount of characters which preseed...) |
|||
Line 1: | Line 1: | ||
Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character | Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character | ||
The length of the string is the amount of characters which preseed the null character. | The length of the string is the amount of characters which preseed the null character. | ||
− | C++ does contain template classes which address this feature of the programming language: '''std::basic_string''' and '''std::string''' | + | C++ does contain template classes which address this feature of the programming language: '''std::basic_string''' and '''std::string''' These classes address some security issues but not all. |
'''|W|E|L|C|O|M|E|\0|''' | '''|W|E|L|C|O|M|E|\0|''' | ||
+ | |||
+ | |||
+ | ==Common String Errors== | ||
+ | Common string errors can be related to mistakes in implementation which may cause drastic security and availability issues. | ||
+ | C/C++ do not have the comfort other programming languages provide such as Java and C# .NET relating to buffer overflows and such due to a String Type not being defined. | ||
+ | |||
+ | Common issues include: | ||
+ | #Input validation errors | ||
+ | #Unbounded Errors | ||
+ | #Truncation issues | ||
+ | #Out-of-bounds writes | ||
+ | #String Termination Errors | ||
+ | #Off-by-one errors |
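Review bot: the sentence added after '''std::string''' says the classes "address some security issues but not all" without naming which issues remain, and it follows the class names with no full stop between them. Name the issues that remain, or tie the sentence to the list added under ==Common String Errors==. In that list, "Unbounded Errors" does not say what is unbounded, unlike the other entries; a more specific wording (for example "Unbounded string copies", if that is what is meant) would make the item self-explanatory.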
Revision as of 17:56, 6 November 2007
Strings are not a defined type in C or C++ but simply a contiguous array of characters terminated by a null (\0) character. The length of the string is the number of characters that precede the null character. C++ does contain template classes which address this feature of the programming language: std::basic_string and std::string. These classes address some security issues but not all.
|W|E|L|C|O|M|E|\0|
Common String Errors
Common string errors stem from implementation mistakes that can cause serious security and availability issues. Because no string type is defined, C and C++ lack the protection against buffer overflows and similar errors that other programming languages such as Java and C# .NET provide.
Common issues include:
- Input validation errors
- Unbounded Errors
- Truncation issues
- Out-of-bounds writes
- String Termination Errors
- Off-by-one errors
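
The C program below is an added example, not part of the original wiki page. It uses the page's WELCOME string to show three of the listed errors (off-by-one sizing, truncation, and a missing terminator). The helper names copy_bounded and terminated_after_strncpy are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the page): copy src into dst, whose total
 * capacity is dst_size bytes including the terminator. dst is always
 * terminated; returns 0 on a full copy, -1 on truncation or bad arguments. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    /* Look for the terminator within the first dst_size bytes of src only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {                 /* src needs more than dst_size bytes */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';      /* truncate, but stay terminated */
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Returns 1 if strncpy(dst, src, n) left a '\0' inside dst[0..n-1], else 0. */
int terminated_after_strncpy(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

int main(void)
{
    char exact[8], small[7];           /* "WELCOME" needs 7 + 1 = 8 bytes */

    printf("8-byte buffer: rc=%d \"%s\"\n",
           copy_bounded(exact, sizeof exact, "WELCOME"), exact);
    /* Off-by-one sizing: 7 bytes hold the letters but not the terminator. */
    printf("7-byte buffer: rc=%d \"%s\"\n",
           copy_bounded(small, sizeof small, "WELCOME"), small);
    /* strncpy fills all 7 bytes and writes no '\0': a termination error. */
    printf("strncpy into 7 bytes terminated: %d\n",
           terminated_after_strncpy(small, sizeof small, "WELCOME"));
    return 0;
}
```

A caller that ignores the -1 return still gets a terminated buffer, but the data is silently shortened, which is the truncation issue in the list above.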