apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lescohier <daniel.lescoh...@cbsi.com>
Subject Re: APR a Safe C library?
Date Fri, 28 Aug 2015 21:29:46 GMT
I really like the apr memory pool functions (aka arenas or regions [1]); it
makes it easier to write memory-safe code.  Of course, it is still the C
programming language; you don't have compile-time enforced memory safety
like with the Rust programming language, for instance.  But these APR
memory allocation functions are a big help in programming with memory
safety.

[1] https://en.wikipedia.org/wiki/Region-based_memory_management

On Fri, Aug 28, 2015 at 5:10 PM, Wes Garland <wes@page.ca> wrote:

> It's used by Apache httpd. I think that pretty much says everything
> you need to know :)
>
> Sent from my iPhone
>
> > On Aug 28, 2015, at 6:04, Tristan Leask <Tristan.Leask@enghouse.com>
> wrote:
> >
> > Hi all,
> >
> > Not sure if this is the right place to ask or not, so sorry if it isn't.
> >
> > I am currently using the APR library in conjunction with the Active MQ
> CPP connector, so that I can produce and consume topics over an Active MQ
> bus.  Recently I have asked to evaluate the security of our system and the
> components that it uses.  One of those requirements is to make sure that
> the software is protected as best as it can be from buffer exploits, and
> one way of doing this is to make sure that safe C libraries are being used
> with C code, and that C++ code uses safe API equivalents, e.g. strncpy() to
> strncpy_S().
> >
> > Reading the APR site, it says that you take security very seriously, so
> I am assuming that the library should be ok for this.  I could potentially
> get someone to look in to the code, but I thought it would be quicker to
> ask first.
> >
> > So, any comments?
> >
> > Thanks in advance!
> >
>

Mime
View raw message