Strsafe.h

strsafe.h is a non-standard C header file provided with the Windows SDK starting with Windows XP Service Pack 2^[1] that provides safer buffer handling than that which is provided by the standard C string functions, which are widely known to have security issues involving buffer overruns when not used correctly.

Description

The functions included in strsafe.h replace standard C string handling and I/O functions including printf, strlen, strcpy and strcat.^[2] The strsafe functions require the length of the string in either characters or bytes as a parameter and if an operation would exceed the length of the destination buffer, the operation fails and the string is still terminated with a null in its final valid index so that using it in other library functions will not result in undefined behavior.^[1][2] Independent security researchers have noted that security issues are still possible with the functions from strsafe.h if they are not passed the correct buffer length.^[3] The use of this library is recommended by the United States Department of Homeland Security.^[4]