pand0ra.usa said:
In c++ there are reserved words that are security risks if not used
properly. For example, strcpy(), printf() (and it's variants), and
strncat() are targets for buffer overflow's. Does anyone know of
similar issues or examples in C#?
I'm not completely sure your question is clear. "strcpy", "printf",
etc. are not "reserved words" in C++. They are simply names of
functions found in a library (typically the CRT). For the purposes of
this reply, I'm ignoring the phrase "reserved words" altogether, as it
appears that's just a misunderstanding on your part.
Inasmuch as those functions are potentially exploitable through buffer
overrun errors, no...C# doesn't have the same security risk. As long as
you don't use the code marked "unsafe" in C#, all array accesses are
checked for validity. You can't overrun a buffer in C#, not without
explicitly adding that vulnerability to your code.
Which is not, of course, to say that there's no potential for security
risks in C#. It's just that that particular risk is "eliminated"
(inasmuch as we assume that .NET's implementation is correct...for that
kind of basic functionality, I think that's a safe assumption to make).
Pete
