search menu icon-carat-right cmu-wordmark

Specifications for Managed Strings

May 2006 Technical Report
Hal Burch, Fred Long, Robert C. Seacord

This report has been superseded by Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018).

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2006-TR-006

Abstract

This report describes a managed string library for the C programming language. Many software vulnerabilities in C programs result from the misuse of standard C string manipulation functions. Programming errors common to string manipulation logic include buffer overflow, truncation errors, string termination errors, and improper data sanitation. The managed string library provides mechanisms to eliminate or mitigate these problems and improve system security. A proof-of-concept implementation of the managed string library is available from the Secure Coding area of the CERT Web site.

This report has been superseded by Specifications for Managed Strings, Second Edition (CMU/SEI-2010-TR-018).