Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu.
Language tools – Safer library functions
•Example: Use of a different library than the standard C libraries
•Pros:
–Eliminates problems with unsafe library function calls in C/C++
•Cons:
–Existing code has to be modified
–Programmers have to become familiar with a different set of libraries
–Often the string and memory handling libraries are replaced, but not the operating-system-specific standard library functions (file handling, environment variable functions) that can also lead to buffer overflows
–Not all buffer overflows are caused by library functions
–What happens when a buffer’s limit is reached? Does the program halt? Is the string truncated? Is an exception generated?
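The last question above is the one a replacement library must answer explicitly. As an added illustration (not part of the original slides), the following C code uses a locally written strlcpy-style copy, since strlcpy is not available on every platform, that always NUL-terminates, truncates rather than overruns, and returns the source length so the caller can detect truncation; alongside it, a check shows the classic pitfall of the "safer" standard function strncpy, which does not terminate the destination when the source fills it.

```c
#include <stddef.h>
#include <string.h>

/* Bounded copy in the style of strlcpy (local implementation, added
 * example). Always NUL-terminates when dst_size > 0 and returns
 * strlen(src), so the caller detects truncation with
 * "return value >= dst_size". */
size_t bounded_copy(char *dst, const char *src, size_t dst_size)
{
    size_t src_len = strlen(src);
    if (dst_size > 0) {
        size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return src_len;
}

/* Copies src into a fixed 8-byte buffer and reports the outcome:
 * 0 = input fit, 1 = input was truncated. The policy chosen here for
 * "what happens when the buffer's limit is reached" is: truncate,
 * terminate, and tell the caller; never write past the buffer. */
int copy_into_fixed_buffer(const char *src, char out[8])
{
    size_t needed = bounded_copy(out, src, 8);
    return needed >= 8 ? 1 : 0;
}

/* Shows the strncpy pitfall: when src has dst_size or more bytes,
 * strncpy leaves dst without a terminating NUL, and a later strlen or
 * printf on dst reads beyond it. Returns 1 if dst is NUL-terminated
 * within dst_size bytes after the copy, 0 otherwise. */
int strncpy_terminated(const char *src, char *dst, size_t dst_size)
{
    strncpy(dst, src, dst_size);
    return memchr(dst, '\0', dst_size) != NULL;
}
```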