C programming: validating user input
Because we assume that you are a C or C++ programmer, we won't insult your intelligence by explaining buffer overflows to you. If you do not already understand the concept, you can consult many other software security books, including .

Certainly, we recommend using , which are consistent in their behavior and give the caller an indication of how much space in the destination buffer would be required to complete their respective operations without truncating the results. For both functions, the length limit indicates the maximum size of the destination buffer, and the destination buffer is always . They are not available on all platforms; at present, they seem to be available only on Darwin, FreeBSD, NetBSD, and OpenBSD.

Sometimes, this can be done at compile time, but generally it is done dynamically, right before data gets written. The C and C++ philosophy is different -- you are given the ability to eke out more speed, even if it means that you risk shooting yourself in the foot. One thing we really care about is this: "What does our application do with that data?"

The only time C ever cares about the length of a string is in the standard library, and that length is not related to the allocated size at all -- instead, the string is delimited by a 0-valued byte that terminates it.
There are plenty of other places where it is easy to overflow strings.
Pretty much any time you perform an operation that writes to a "string," there is room for a problem.
That is because this chapter is about one important class of defensive techniques: input validation.
In Recipe 3.3 below on preventing buffer overflows, and in all of the recipes in the book's "Input Validation" chapter, we assume that people are connected to our software, and that some of them may send malicious data (even if we think there is a trusted client on the other end).
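The bounded copy and concatenate functions described above (length limit equal to the destination size, destination always terminated, return value telling the caller how much space was needed) are not portable, so a C programmer often ends up writing equivalents. The following is an added example, not code from the book; the names `bounded_copy`, `bounded_cat`, `store_field` and the 32-byte `FIELD_SIZE` are assumptions. It also shows the input-validation stance of this chapter: when untrusted input would not fit, the caller sees the truncation and rejects the value instead of silently keeping a cut-off string.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst, writing at most dstsize bytes including the terminator.
 * dst is always NUL-terminated when dstsize > 0. Returns strlen(src); a result
 * >= dstsize means the copy was truncated and says how much space was needed. */
size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Append src to the string in dst. dstsize is the total size of dst, not the
 * space left. Returns the length the full string would have had. */
size_t bounded_cat(char *dst, const char *src, size_t dstsize)
{
    size_t dstlen = 0;
    while (dstlen < dstsize && dst[dstlen] != '\0')   /* never read past dst */
        dstlen++;
    if (dstlen == dstsize)          /* dst was not terminated: touch nothing */
        return dstsize + strlen(src);
    return dstlen + bounded_copy(dst + dstlen, src, dstsize - dstlen);
}

/* Policy for a fixed 32-byte field (assumed size): rather than silently
 * truncating untrusted input, detect the truncation and reject the value. */
#define FIELD_SIZE 32
int store_field(char field[FIELD_SIZE], const char *input)
{
    if (bounded_copy(field, input, FIELD_SIZE) >= FIELD_SIZE) {
        field[0] = '\0';            /* discard the partial copy */
        return -1;                  /* caller rejects the request */
    }
    return 0;
}

int main(void)
{
    char field[FIELD_SIZE], big[64];
    memset(big, 'A', sizeof big - 1);       /* constructed oversized input */
    big[sizeof big - 1] = '\0';
    printf("alice -> %d\n", store_field(field, "alice"));   /* 0 */
    printf("64 A's -> %d\n", store_field(field, big));      /* -1 */
    return 0;
}
```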