Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu.
Language tools – “Safe” buffers
•Example: C++ class objects that do bounds checking, like CString, or “limitless” strings like libmib
•Pros:
–Much safer than standard string handling in C
–Exceptions can be handled instead of a program halt
•Cons:
–Require the use of different library functions, meaning that existing code has to be modified or interfaced with in a low-level way
–A “limitless” string has to be continually reallocated, meaning a bigger heap and a performance cost
–What if you don’t want the buffer to grow and accept a bigger input?
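
The trade-offs listed above, shown as an added example (not code from the original slides): a fixed-capacity buffer class that throws instead of overflowing or growing, a caller that handles the exception rather than halting, and a growable std::string for contrast. BoundedBuffer, try_store and growable_capacity_after are hypothetical names, and the inputs are constructed.

```cpp
#include <array>
#include <cstring>
#include <stdexcept>
#include <string>

// Hypothetical fixed-capacity buffer: rejects oversized input instead of
// overflowing (strcpy) or growing without limit (a "limitless" string).
template <std::size_t N>
class BoundedBuffer {
    std::array<char, N + 1> data_{};   // +1 for the terminating NUL
    std::size_t len_ = 0;
public:
    void assign(const char* src, std::size_t n) {
        // Check before touching data_, so a rejected input leaves it intact.
        if (n > N) throw std::length_error("input exceeds buffer capacity");
        std::memcpy(data_.data(), src, n);
        data_[n] = '\0';
        len_ = n;
    }
    char at(std::size_t i) const {
        if (i >= len_) throw std::out_of_range("index past end of buffer");
        return data_[i];
    }
    std::size_t size() const { return len_; }
    const char* c_str() const { return data_.data(); }
};

// Returns true if the input was stored, false if it was rejected.
// The caller recovers from the exception; the program does not halt.
template <std::size_t N>
bool try_store(BoundedBuffer<N>& buf, const std::string& input) {
    try {
        buf.assign(input.data(), input.size());
        return true;
    } catch (const std::length_error&) {
        return false;   // reject, log, or truncate here, by policy
    }
}

// Contrast: a growable string accepts any length and reallocates on the heap.
std::size_t growable_capacity_after(std::size_t n) {
    std::string s(n, 'A');
    return s.capacity();
}

int main() {
    BoundedBuffer<8> name;
    // "alice" fits; the constructed 64-byte input is refused.
    bool ok = try_store(name, "alice") && !try_store(name, std::string(64, 'A'));
    return ok ? 0 : 1;
}
```

Because assign checks the length before copying, the buffer still holds its previous contents after a rejected input.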