Chapter 2. Strings

with Dan Plakosh, Jason Rafail, and Martin Sebor1

1. Daniel Plakosh is a senior member of the technical staff in the CERT Program of Carnegie Mellon’s Software Engineering Institute (SEI). Jason Rafail is a Senior Cyber Security Consultant at Impact Consulting Solutions. Martin Sebor is a Technical Leader at Cisco Systems.

But evil things, in robes of sorrow, Assailed the monarch’s high estate.

—Edgar Allan Poe, “The Fall of the House of Usher”

2.1. Character Strings

Strings from sources such as command-line arguments, environment variables, console input, text files, and network connections are of special concern in secure programming because they provide means for external input to influence the behavior and output of a ...

Get Secure Coding in C and C++, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.