< Previous by Date | Date Index | Next by Date > |
< Previous in Thread | Thread Index | Next in Thread > |
Matthias Moetje wrote: > Adam, > > I wanted to add a few more comments on the strdup issue. > > strdup was not replaced by _strdup due to security concerns. > This function is never unsecure because it does not write to > an existing buffer, instead it creates and returns a new > buffer, so buffer overruns (at least) will never occur. > > The reason why it was replaced is that strdup (and similar > functions) do not conform to the ISO C++ standard because > functions starting with 'str' are reserved and strdup does > not belong to the standard (at least the '99 one). > While I think it is a noble goal by MS to be more standards > compliant I think this decision is silly because it create > more cross-platform issues as it solves... > It remains interesting, though, if other compilers will > Follow this route ;-) strdup is standardized by POSIX though, as well as dating back to SVr4 and 4.3BSD according to Linux man-pages, so Microsoft's behaviour on this seems to be just foisting an incompatible and uglier name on us for zero concrete advantage. :-/ > The other really important change to many of the string functions > is the introduction of the secure string functions, suffixed > with '_s'. > I would be interested in replacing all these functions with > their secure counterparts in the next year. > > The platform compatibility could be easily achieved by creating > a few wrapper functions included in a define which will call > the unsecure counterparts on platforms where the secure versions > are available. > The benefit of this is obvious... > > Does anybody know about non-Windows platforms, are there libraries > with these secure functions already? I'm not aware of any. I reckon that there's a fair chance that if anyone else set out to create safer string functions for Unix, they'd probably do it without Microsoft's Excessive Underscore Disease too :-) Max.
Attachment:
signature.asc
Description: OpenPGP digital signature