security goals re strcpy/strcat/sprintf (Re: "Secure coding" audit checkers and Kerberos)

Nicolas Williams Nicolas.Williams at
Thu Oct 16 16:56:49 EDT 2008

On Thu, Oct 16, 2008 at 10:41:23AM -0400, Jeffrey Altman wrote:
> The interface is well thought out.  MIT might consider implementing this
> interface for *nix and relying on it throughout the code base.  Or at
> the very least implement the functions that are selected for Windows by
> making use of this interface.

StringCbCat() looks very similar to strlcat(), only slightly crippled
(it doesn't return a length, but success/failure).  StringCbCatEx(),
apart from its flags argument, makes up for that limitation.

StringCbPrintfEx() provides similar functionality to snprintf(), plus
the flags argument.

StringCbLength() is like strnlen().

The best thing about these functions may well be that the difference
between counting characters and counting bytes is quite explicit.  The
behavior of str*() and *printf() functions w.r.t. byte-or-char counting
might turn out to depend on the phases of the moon and such, and that
would be bad.  If this is the case for anything beyond *printf() %s
precision fields then I will agree with your recommendation that "MIT
consider implementing this interface for *nix."

Thanks for the pointer to this API!


More information about the krbdev mailing list