Friday, March 19, 2010

Secure string handling in C

Everyone programming in C knows that string support in C is really painful and potentially error-prone. I am really surprised that they did not fix this issue. It has been known for a while that string handling in C causes a lot of security issues and bugs.

As likwid reads and writes the msr device files, security is an issue. Therefore I have now switched from raw C strings to bstrlib. bstrlib is a C library (there is also a C++ wrapper) implementing a string type with memory management and much improved functionality. While it is a very powerful library, the documentation is not too good. Well, it is a complex topic. I am very happy with bstrlib. It allowed me to implement complex string manipulations in a readable and secure way, and I hope it also helps to make the applications more robust and secure.

To further improve security, I check all user-provided input for a maximum length to prevent overflows. As I use getopt for the command line arguments, I still rely on how it copes with these issues. Still, the overflow will not occur in my code :-).

likwid also blogs now!!

For the unaware: likwid stands for Like I Knew What I'm Doing. It is a collection of lightweight, simple and easy-to-use tools targeted at the experienced, performance-aware programmer in a multicore Linux environment.

I will post news and development issues around likwid here. When I have time, I might also add some general thoughts about computer architecture and performance-oriented programming.

Stay tuned!