Developer Network> Microsoft Development Columns> Visual Studio.net Columns> VC.NET> Text
1. Introduction Microsoft's Visual C 2005 release version is correctly selected for programming enthusiasts who are interested in easily and quickly write safe and reliable applications. As you have heard, the new features of the language and libraries in Visual C make developing security, reliable applications more easier than before. It provides powerful and flexible standard C , but also provides the most powerful development language that is programmed under the .NET framework. In this article, I mainly explore the new features of some languages and libraries in the release version of Visual C 2005, both for teaching projects or large application projects, which will help you improve work efficiency when writing safe and reliable code. Second, the security features of the C operation time If you are using Visual C to create an application using C Runtime Library, you will be very pleased to learn more secure versions now. For functions that require one or more buffers as the input, a length parameter has been added to make the function to be confident that the buffer boundary is not exceeded. Now more functions begin to legally check the parameters, and the invalid parameter processor will be called if necessary. Let's look at some simple examples: The Calchang Library is the Gets function in the runtime library, which is read from the standard input. Think about a simple example of the following:
CHAR BUFFER [10] = {0}; Gets (buffer);
The first line of code declares a buffer variable and sets the initialization of characters in the buffer to 0. In order to avoid accidental conditions, it is a very good idea to initialize the variable as a well-known value. Then, the seemingly innocent Gets function reads a row from the standard input stream and writes to the buffer buffer. Is this wrong? For functions, the C-type array cannot be passed, but passed a pointer to the first element of the array. So in the function, char [] is equivalent to the char * pointer, and is an original pointer that does not include any additional information that can determine the size of the buffer size indicated. So how is the gets function? It assumes that the buffer is unlimited (uint_max is accurate size) and will continue to copy characters from the input stream into the buffer. Attackers can easily use this weakness, which unneiguated type errors are called buffers. Many initial C running time library functions have suffered the same as parameter confirmation, and it is therefore attacked. Be sure to keep in mind that the performance of the currently wants, the performance is in the secondary position, and we live in a safe first world. Each of the criticized functions has been replaced by a function that provides the same functionality, but adds a function of the security feature. Of course, according to the old library function you use in the existing code, you may need some time to come to the code more replacement to new, safer versions. These new functions have a _s suffix, for example, the Gets function is replaced by the getS_s function; the attack-attacked STRCPY function is replaced by the strcpy_s function. Here is an example:
CHAR BUFFER [10] = {0}; Gets_S (Buffer, Sizeof (Buffer) / Sizeof (Buffer [0]));
The Gets_S function has an additional parameter that displays the maximum number of characters that can be written, which includes a NULL terminator. I used the SizeOf operator that determines the length of the array because the compiler determines the result returned by the SIZEOF operator when compiling. Remember, the length of the number of SIZEOF returns is based on bytes, so the array length will return the number of elements in the array in the length of the first element in the array. This simple method can be ported to the unicode encoding using _getws_s, which also needs to know the length of buffer in bytes. As I mentioned, another single-use function strcpy function accepted security check, just like a gets function, there is no way to ensure a valid buffer size, so it can only assume that the buffer is large enough to accommodate the string to copy. . When running in the program, this will result in an unpredictable behavior, as I mentioned, in order to avoid these unpredictable behaviors, this has an example of using a secure STRCPY_S function. Char source [] = "Hello World!"; Char Destination [20] = {0}; strcpy_s (Destination, Sizeof (Destination) / sizeof (Destination [0]), Source);
There are many reasons to like this new strcpy_s function. The most obvious difference is the additional, byte-based parameters, it is used to confirm the buffer size. This allows the STRCPY_S function to perform runtime check to determine the written character does not exceed the boundaries of the target buffer. There are also some other check methods to determine the validity of the parameters. These detection methods in debug versions include the "Assertions) method that displays debug reports, if their conditions are not met, they will display debug reports. Whether it is debugging or distribution, if a specific condition is not met, an invalid parameter manager will be called, which default behavior is to throw an access conflict to terminate the application. This is very good to make your app continuously run without expected results. Of course, this situation can be avoided by ensuring that the invalid parameters are not called similar to the STRCPY_S.
Full-text reading: VC 2005 Quick Build Safety Applications
