Dave W edited this page Apr 24, 2016 · 7 revisions

Safe String Library

The Safe String Library is a C library that provides string and memory-buffer routines which protect against buffer overflows.

The Security Development Lifecycle (SDL) recommends that certain C library functions not be used because of their propensity to create buffer overflow vulnerabilities. The problem is not the routines themselves but the lack of proper verification of their parameters (most importantly, the routines are never told how large the destination buffer is), and that is what causes the security issues.

Background

Microsoft Windows provides a set of safe routines to replace the banned C library functions as part of the StrSafe.h or Safe CRT libraries. Details are published in the MSDN article "SDL Banned Function Calls". However, that library cannot be used for cross-platform or Linux development.

The Safe String Library contains replacements for these SDL-banned C functions, designed to avoid or prevent serious security vulnerabilities (e.g. buffer overflows, string format attacks, conversion overflows/underflows, etc.). The library was originally developed by Cisco and made available as a SourceForge project. Support and development of that library had ceased, so Intel's Security Center of Excellence (SeCoE) updated the Cisco library, adding further routines and additional unit test functions. The Safe String Library is Intel's open source release of this updated Cisco library.
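The following is an added example written for this page, not code from the Safe String Library itself, to illustrate the parameter verification that separates a banned function from its replacement. `checked_strcpy`, the `CHK_*` return codes and the sample inputs are hypothetical names constructed for the illustration; the function only follows the `(dest, dmax, src)` argument order of the C11 Annex K `strcpy_s` style that the library's replacements also use. Compare `unsafe_copy`, which cannot know the size of `dest`, with `checked_strcpy`, which refuses NULL pointers, a zero-length destination, overlapping regions, and a source that does not fit, and which never writes past `dmax`:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Return codes for this illustration (hypothetical names chosen for this
 * example; the real library defines its own errno_t values). */
enum {
    CHK_OK      = 0,  /* copy succeeded */
    CHK_NULLPTR = 1,  /* dest or src was NULL */
    CHK_ZEROLEN = 2,  /* dmax was 0: nothing can be written, not even a NUL */
    CHK_OVERLAP = 3,  /* source and destination regions overlap */
    CHK_NOSPACE = 4   /* src plus its terminating NUL does not fit in dmax */
};

/* The banned pattern: strcpy() receives no information about how large dest
 * is, so any src of length >= the capacity of dest silently overflows it. */
void unsafe_copy(char *dest, const char *src)
{
    strcpy(dest, src);   /* never called below: it is here for contrast only */
}

/* Checked replacement in the (dest, dmax, src) style of C11 Annex K strcpy_s.
 * Every parameter is verified before a single byte is written; on any error
 * dest is left as an empty string rather than partially filled. */
int checked_strcpy(char *dest, size_t dmax, const char *src)
{
    size_t n;
    uintptr_t d, s;

    if (dest == NULL || src == NULL)
        return CHK_NULLPTR;
    if (dmax == 0)
        return CHK_ZEROLEN;
    if (dest == src)              /* copying a string onto itself is a no-op */
        return CHK_OK;

    /* Measure src, but never look further than dmax bytes: an unterminated
     * src must not be scanned past the capacity the caller vouched for. */
    n = 0;
    while (n < dmax && src[n] != '\0')
        n++;
    if (n == dmax) {              /* no room left for the terminating NUL */
        dest[0] = '\0';
        return CHK_NOSPACE;
    }

    /* Reject overlap of the n+1 bytes that would actually be read and written. */
    d = (uintptr_t)dest;
    s = (uintptr_t)src;
    if (d < s + n + 1 && s < d + n + 1) {
        dest[0] = '\0';
        return CHK_OVERLAP;
    }

    memcpy(dest, src, n + 1);     /* n bytes of text plus the NUL, all in bounds */
    return CHK_OK;
}

int main(void)
{
    char buf[8];                  /* constructed 8-byte destination for the demo */
    const char *inputs[] = { "hello", "1234567", "12345678", "far too long for buf" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = checked_strcpy(buf, sizeof buf, inputs[i]);
        printf("src=%-22s rc=%d dest=\"%s\"\n", inputs[i], rc, buf);
    }
    return 0;
}
```

The design point worth noticing is the order of the checks: the length of `src` is measured with an upper bound of `dmax`, so even an unterminated source cannot cause a read beyond the capacity the caller promised, and the overlap test covers exactly the `n + 1` bytes that `memcpy` will touch. A caller still has to pass the true capacity of `dest`; passing `sizeof` of a pointer instead of the array it points to is the classic misuse of this style of API.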

The Banned C Library Functions

Linux-like operating systems provide a base C library that includes many of the SDL banned functions. The specific list of banned functions is given in the table below. These functions should not be used; the replacement functions from the Safe String Library should be used instead (see details below).