Hey,
While perusing MSDN recently, I stumbled across string safe functions. These functions were created to replace the standard C string handling routines. The following are some design criteria of string safe functions (MSDN):
* Always NULL-terminate the string.
* Always take a destination buffer size.
* Always return consistent return codes (an HRESULT).
* Support 32-bit and 64-bit environments.
* Flexibility.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/ht...
What is your opinion on whether we should implement and use either the user-mode or kernel-mode (or both) string safe functions? Using these functions instead of the standard C string functions would promote consistency and security in the Wine code base. On the other hand, using these functions adds another layer of calls to the code. What are other pros and cons of using string safe functions?
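As an added illustration of the design criteria listed in the message above (not code from the thread, from MSDN, or from the ReactOS archive): a portable C sketch of a StringCchCopy-style copy beside `strncpy`. The name `sketch_cch_copy` and the `SK_*` constants are assumptions made for this example; their values mirror the Windows HRESULTs named in the comment.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this sketch (assumed names). The values mirror S_OK,
   STRSAFE_E_INVALID_PARAMETER and STRSAFE_E_INSUFFICIENT_BUFFER. */
typedef unsigned long sketch_hresult;
#define SK_OK                    0x00000000UL
#define SK_E_INVALID_PARAMETER   0x80070057UL
#define SK_E_INSUFFICIENT_BUFFER 0x8007007AUL

/* Hypothetical StringCchCopy-style routine. dest_cch is the destination
   size in characters, terminator included. */
sketch_hresult sketch_cch_copy(char *dest, size_t dest_cch, const char *src)
{
    size_t i = 0;

    if (dest == NULL || src == NULL || dest_cch == 0)
        return SK_E_INVALID_PARAMETER;      /* nothing is written */
    while (i < dest_cch - 1 && src[i] != '\0') {
        dest[i] = src[i];
        i++;
    }
    dest[i] = '\0';                         /* terminated on every path */
    return src[i] == '\0' ? SK_OK : SK_E_INSUFFICIENT_BUFFER;
}

/* Contrast: strncpy into an 8-byte buffer. Returns 1 when the result has
   no terminator inside the buffer, which happens once src has 8+ chars. */
int strncpy_leaves_unterminated(const char *src)
{
    char buf[8];

    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    const char *path = "C:\\windows\\system32";   /* constructed input */
    char buf[8];
    sketch_hresult hr = sketch_cch_copy(buf, sizeof buf, path);

    printf("sketch_cch_copy: hr=0x%08lX dest=\"%s\"\n", hr, buf);
    printf("strncpy unterminated: %d\n", strncpy_leaves_unterminated(path));
    return 0;
}
```

The caller gets a terminated, truncated string plus a failure code it can test, where `strncpy` silently hands back a buffer with no terminator.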
--- James Hawkins truiken@gmail.com wrote:
> What is your opinion on whether we should implement and use either the user-mode or kernel-mode (or both) string safe functions? Using these functions instead of the standard C string functions would promote consistency and security in the Wine code base. On the other hand, using these functions adds another layer of calls to the code. What are other pros and cons of using string safe functions?
One of the ReactOS guys started this if Wine wants to adopt it.
http://www.westparkcom.net/Royce3/StrSafe.zip
Thanks
Steven
James Hawkins truiken@gmail.com writes:
> What is your opinion on whether we should implement and use either the user-mode or kernel-mode (or both) string safe functions? Using these functions instead of the standard C string functions would promote consistency and security in the Wine code base. On the other hand, using these functions adds another layer of calls to the code. What are other pros and cons of using string safe functions?
The main con is that these functions are not standard, and ugly as hell. Also, all they do is allow someone to write bad code without opening too many security holes; IMHO writing good code instead is a better way to achieve that.