This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Strings and Integers

From OWASP
Revision as of 17:57, 6 November 2007 by EoinKeary (talk | contribs)

Jump to: navigation, search

Strings are not a defined Type in C or C++ but simply a contigous array of characters terminated by a null (\0) character The length of the string is the amount of characters which preseed the null character. C++ does contain template classes which address this feature of the programming language: std::basic_string and std::string These classes address some security issues but not all. 

|W|E|L|C|O|M|E|\0|


Common String Errors

Common string errors can be related to mistakes in implementation which may cause drastic security and availability issues. C/C++ do not have the comfort other programming languages provide such as Java and C# .NET relating to buffer overflows and such due to a String Type not being defined.

Common issues include:

  1. Input validation errors
  2. Unbounded Errors
  3. Truncation issues
  4. Out-of-bounds writes
  5. String Termination Errors
  6. Off-by-one errors`

Some of the issues mentioned above have been covered in the buffer overflow sections previously in this guide.

Retrieved from "https://wiki.owasp.org/index.php?title=Strings_and_Integers&oldid=23172"