String safe functions

Purpose

Incorrect use of string functions can cause security problems for your application. Typically this involves a buffer overrun, which can allow a denial-of-service attack against your application or the injection of executable code by an attacker. The Strsafe functions enable safer handling of strings and are recommended for better security in your application.

Where Applicable

Poor buffer handling is implicated in many security issues that involve buffer overruns. The functions defined in Strsafe.h provide additional processing for proper buffer handling in your code. For this reason, they are intended to replace their built-in C/C++ counterparts as well as specific Microsoft Windows implementations. Strsafe.h may be obtained by downloading the Windows Core software development kit (SDK) from the SDK Update Site.


Instructions for building the static library:

1. Extract all files from the archive into a separate folder.
You must have the MS Platform SDK from January 2001 or later, which ships strsafe.h.

2. Open defaultmake.inc in a text editor and locate the line with
PSDKROOT=
After the equal sign, enter the path to the folder where the MS Platform SDK is installed. Note that the path must be in its short (DOS) form (sample: C:\Program Files\Microsoft Platform SDK would become E:\PROGRA~1\MICROS~1). Save and close the file.

3. Open the strsafe.mak file in a text editor (Notepad or similar) and change the BCCROOT macro to the path where BCB is installed. Note that if your path contains spaces, you must use the DOS short path (C:\Program files\Borland\CBuilder5 will become C:\Progra~1\Borland\CBuild~1).

4. Open a command prompt and build the library with make -f strsafe.mak. As a result you will get a Borland C++ compatible strsafe.lib. You can perform an automatic installation with make -f strsafe.mak install. This will copy the prebuilt library to your Borland C++ Lib folder, where you can use it.

5. To use the static library, define STRSAFE_LIB before including the header file. For more information on the String Safe functions, refer to MSDN or the Platform SDK documentation.
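
Added example (not part of the original package): step 5 in use, with the HRESULT from StringCchCopyA checked so that a truncated copy is treated as a failure. store_name and the sample input are hypothetical; the #else branch is a constructed stand-in that mimics the documented StringCchCopyA behaviour so the file also compiles without the Platform SDK.

```c
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#define STRSAFE_LIB   /* step 5: link against strsafe.lib */
#include <windows.h>
#include <strsafe.h>
#else
/* Constructed stand-in for builds without the Platform SDK.
   It mimics the documented contract; it is not Microsoft's code. */
typedef int HRESULT;
#define S_OK 0
#define STRSAFE_E_INVALID_PARAMETER   (-2147024809) /* 0x80070057 */
#define STRSAFE_E_INSUFFICIENT_BUFFER (-2147024774) /* 0x8007007A */
#define SUCCEEDED(hr) ((hr) >= 0)
static HRESULT StringCchCopyA(char *dst, size_t cch, const char *src)
{
    size_t n;
    if (cch == 0)
        return STRSAFE_E_INVALID_PARAMETER;
    n = strlen(src);
    if (n >= cch) {               /* truncate, but always terminate */
        memcpy(dst, src, cch - 1);
        dst[cch - 1] = '\0';
        return STRSAFE_E_INSUFFICIENT_BUFFER;
    }
    memcpy(dst, src, n + 1);      /* fits, including the terminator */
    return S_OK;
}
#endif

/* Hypothetical helper: copy an untrusted name into a fixed buffer.
   Returns 1 if it fit, 0 if it was truncated or rejected. */
int store_name(char *dst, size_t cch, const char *untrusted)
{
    HRESULT hr = StringCchCopyA(dst, cch, untrusted);
    return SUCCEEDED(hr) ? 1 : 0;
}

int main(void)
{
    char small[8];
    const char *input = "constructed-oversized-input"; /* constructed sample */
    if (!store_name(small, sizeof small, input))
        printf("input rejected; buffer holds \"%s\"\n", small);
    return 0;
}
```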

If you have any comments or error submissions, contact me:
e-mail: kiklop@eunet.yu

Darko Miletic