Abstract
Programs that provide Internet services such as email, web browsing, and remote login communicate over the network by sending streams of bytes. Most of these exchanges are interpreted as strings (sequences of characters) that denote commands or requests. Parsing these commands is a particular challenge in servers written in C since the received byte stream is retrieved in chunks, where each chunk has an explicit size. Using chunks of memory with explicit size stands in contrast to the convention of standard string functions in C, which expect the length of a string to be determined by a nul character (a zero byte) at the end of a string. Mixing these two conventions can lead to subtle bugs in the program that do not show up until, for example, a malicious attacker sends a request string that contains a nul character. Another example is the program presented in the introduction (Fig. 1.2), which is incorrect on many platforms yet probably works seamlessly on most inputs since characters larger than 127 are rarely encountered in text files.
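The mismatch between sized chunks and nul-terminated strings described above, shown as an added C example (not code from the chapter). The sample chunk and the names `visible_length` and `chunk_to_cstring` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 12-byte chunk as a sized read would deliver it,
 * with a NUL byte embedded after "USER alice". */
static const char sample_chunk[] = {'U','S','E','R',' ','a','l','i','c','e','\0','!'};

/* Number of bytes a NUL-terminated string function would treat as the
 * string: up to the first NUL. The scan is bounded by len because a chunk
 * need not contain any NUL at all. */
size_t visible_length(const char *chunk, size_t len)
{
    const char *nul = memchr(chunk, '\0', len);
    return nul ? (size_t)(nul - chunk) : len;
}

/* Convert a sized chunk to a C string at the boundary between the two
 * conventions. Returns 0 on success, -1 if the chunk contains a NUL (the
 * two length notions would disagree), -2 if dst cannot hold len + 1 bytes. */
int chunk_to_cstring(char *dst, size_t dst_size, const char *chunk, size_t len)
{
    if (visible_length(chunk, len) != len)
        return -1;
    if (len >= dst_size)
        return -2;
    memcpy(dst, chunk, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char line[32];
    size_t len = sizeof sample_chunk;

    printf("chunk size: %zu, length seen by string functions: %zu\n",
           len, visible_length(sample_chunk, len));
    printf("convert sample chunk: %d\n",
           chunk_to_cstring(line, sizeof line, sample_chunk, len));
    if (chunk_to_cstring(line, sizeof line, "USER bob", 8) == 0)
        printf("convert clean chunk: \"%s\"\n", line);
    return 0;
}
```

Rejecting the chunk at the conversion point means every later `strlen`, `strcmp` or `strchr` call operates on exactly the bytes that were received.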
© 2008 Springer-Verlag London Limited
About this chapter
Cite this chapter
(2008). Tracking String Lengths. In: Simon, A. (eds) Value-Range Analysis of C Programs. Springer, London. https://doi.org/10.1007/978-1-84800-017-9_11
DOI: https://doi.org/10.1007/978-1-84800-017-9_11
Publisher Name: Springer, London
Print ISBN: 978-1-84800-016-2
Online ISBN: 978-1-84800-017-9
eBook Packages: Computer Science (R0)