As likwid reads and writes on the msr device files security is an issue. Therefore I switched now from raw C strings to bstrlib. bstrlib is a C library (there is also a C++ wrapper) implementing a string implementation with memory management and a much improved functionality. While it is a very powerful library the documentation is not too good. Well it is a complex topic. I am very happy with bstrlib. It allowed to implement complex string manipulations in a readable and secure way and I hope also helps to make the applications more robust and secure.
To further improve security I check all user provided input for a maximum length to prevent overflows. As I use getopt for the command line arguments
I still rely on how they cope with this issues. Still the overflow will not occur in my code :-).
No comments:
Post a Comment