A Simple Software Security Guy at Microsoft!
We have just published the list of SDL-banned APIs, and their replacements.
http://msdn2.microsoft.com/en-us/library/bb288454.aspx
In "Security Development Lifecycle (SDL) Banned Function Calls" you reference your book "19 Deadly Sins of Software Development"; are you sure it's not "19 Deadly Sins of Software Security"? ...or did you guys write another book that Amazon doesn't know about?
Geek!
What's wrong with this example?
#include <windows.h>
#include <strsafe.h>

HRESULT Function(char *s1, char *s2) {
    char temp[32];
    // sizeof(temp) is a byte count; it doubles as the character count StringCch* expects only because sizeof(char) == 1
    HRESULT hr = StringCchCopy(temp, sizeof(temp), s1);
    if (FAILED(hr)) return hr;
    // temp is never read after this point
    return StringCchCat(temp, sizeof(temp), s2);
}
yeah, it's dumb - the function returns with no use of temp!! but at least it's secure :)
Thanks for a very informative article.
I think there's a small typo in one of the examples mentioned in the article:
#include <string.h>

errno_t Function(char *s1, char *s2) {
    char temp[32];
    errno_t err = strcpy_s(temp, sizeof(temp), s1);
    if (!err) return err;
    // shouldn't it be "if (err) return err;"? As written, a successful copy returns early and a failed one continues
    return strcat_s(temp, sizeof(temp), s2);
}
Thanks again.
Michael, no, it uses StringCchCopy and passes in the size of the buffer for the 2nd parameter. In other words, the example of how to fix your code contains a security bug.
To be clearer: the code as written is correct, but only because sizeof(char)==1.
A far better choice would have been to use the StringCbCopy and StringCbCat functions, which would work regardless of the type of the temp variable.
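The sizeof(char) == 1 point above, as an added example (not the post's code and not the strsafe.h implementation): two small stand-ins for the StringCch (size in characters) and StringCb (size in bytes) conventions show why passing sizeof(temp) as a character count is only safe for char buffers and would let an over-long string through for a wchar_t buffer.

```c
#include <stddef.h>
#include <string.h>
#include <wchar.h>

/* Element count of an array: the correct "Cch" argument for any element type. */
#define CCH_OF(arr) (sizeof(arr) / sizeof((arr)[0]))

/* Hypothetical stand-ins for the two strsafe conventions (not the real API).
 * Both return 0 on success and -1 when the string plus its NUL would not fit,
 * leaving dst empty instead of overrunning it. */
static int cch_copy_w(wchar_t *dst, size_t cch_dst, const wchar_t *src) {
    if (!dst || !src || cch_dst == 0) return -1;
    size_t n = wcslen(src);
    if (n >= cch_dst) { dst[0] = L'\0'; return -1; }
    wmemcpy(dst, src, n + 1);
    return 0;
}
static int cb_copy_w(wchar_t *dst, size_t cb_dst, const wchar_t *src) {
    /* The Cb form converts bytes to characters itself, so sizeof() is correct here. */
    return cch_copy_w(dst, cb_dst / sizeof(wchar_t), src);
}

/* Pure bounds decision: would a copy of 'len' characters into a buffer of
 * 'cch_dst' characters be accepted? Used so the wrong-size case can be shown
 * without actually writing past a real buffer. */
static int cch_would_accept(size_t cch_dst, size_t len) { return len < cch_dst; }

/* Scenario: wchar_t temp[32] and a 40-character source string. */
int sizeof_as_cch_accepts_overlong(void) {
    wchar_t temp[32];
    /* sizeof(temp) is 32 * sizeof(wchar_t) bytes, not 32 characters. */
    return cch_would_accept(sizeof(temp), 40);      /* 1: the copy would overflow */
}
int cch_of_as_cch_accepts_overlong(void) {
    wchar_t temp[32];
    return cch_would_accept(CCH_OF(temp), 40);      /* 0: correctly rejected */
}
int sizeof_as_cb_accepts_overlong(void) {
    wchar_t temp[32], src[41];
    wmemset(src, L'A', 40); src[40] = L'\0';        /* constructed 40-char input */
    return cb_copy_w(temp, sizeof(temp), src) == 0; /* 0: rejected safely */
}
int cch_of_copy_short_ok(void) {
    wchar_t temp[32];
    return cch_copy_w(temp, CCH_OF(temp), L"hello") == 0 && wcscmp(temp, L"hello") == 0;
}
/* The char case from the post: the two sizes coincide, which is why it "works". */
int char_case_sizes_agree(void) {
    char temp[32];
    return sizeof(temp) == CCH_OF(temp);            /* 1 */
}
```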
Thanks for a very informative article. It was indeed required.
But I think there was a typo in one of the examples given in that article:
// shouldn't it be "if (err) return err;"???
Thanks.
In my talks on SDL I have often spoken about the "Banned APIs". That is, the APIs that we
Are the suggested replacement functions fully and freely specified? I.e. is it possible and legal to write a second implementation that will run on other OSes?
C++'s std::string class is of course already implemented on many other OSes.
Michiel, the C functions (strcpy_s etc.) are going through the standard process right now :)